gentoo resync : 14.07.2018

21 files changed, 3789 insertions, 0 deletions

diff --git a/app-admin/rsyslog/Manifest b/app-admin/rsyslog/Manifest
new file mode 100644
index 000000000000..51193ce08206
--- /dev/null
+++ b/app-admin/rsyslog/Manifest
@@ -0,0 +1,32 @@
+AUX 8-stable/50-default-r1.conf 1952 BLAKE2B dca027ea6073384a2ec5867722028f70599c51fd8c46672ce647e84a7de4b3a0dc5bfaf43f7317eddb902c4987266ae67f88b43375a51e82a3ffefbb61c4d099 SHA512 1bc4d8059d83de57ff44d34265b0c3881bab7889f51c044728ba462c9105c89425187f95b6b01d6d6d103abde22a9dff063e5d6b90027ed87e9f851f9b1ad5b3
+AUX 8-stable/50-default.conf 1701 BLAKE2B b14c89f70d405b206818d077190cf8fefd1a01db4cdd38f5012b09b4e3440e16b6a3ca7ff20cfa616622565b3477e7f4d44252d72d1c3cdf148a1b59f629442a SHA512 33e4e63239b9112fec1a37115ac80ab8dbd6e7189d9d29b1bc743c433e0124ea0d1a4cf6f7ada9e5b92e9b0025b6617a1a16f4c491e743bbf4327a5f376a1ea9
+AUX 8-stable/README.gentoo 1126 BLAKE2B b7e3881605c2bacda7f415b3f3195e1ef405a8e9fc7fd627fd35b0ab90966cbb29c9a85fcf2df6092062c5af353d44a02d3451e3caa072f4fa44d681702e9807 SHA512 46fdf3350e2005d3ef588d50dfc6d474a1b5d3010329b656879a43cbbd7be0cd91944b88d3838f45f69c830fc28c42e7fac2cd52e0a4b24bb6780562d59ae384
+AUX 8-stable/rsyslog-8.27.0-fix-mmnormalize-tests.patch 509 BLAKE2B e50fd76f239be9fe15a0a7c8dd2b5984af69487c5ffe5a4f12e415f9c4040e600c5552dbe66c32879729c0f497bf74f1f63730b2f4c6a9a658fd385cb684cf05 SHA512 70bfe4f95b23e4e88e5b7535a1b86742a02438f2eadc6fd2e82c66ebdc9d59d983c1ded7d4902dd5d7ef9413847398c1318df82bace3b7e5b1ca8bd23ca9e8e4
+AUX 8-stable/rsyslog-8.32.0-fix-building-without-curl-r3.patch 3878 BLAKE2B 9f1a030807a312801ce6c66bb5120029b935bf5ba2029b4d7297713f865f509fd1761595ba05c479a1aa860c8564fe38bdebe51c3c36ab278aa518de0f2285dd SHA512 19765cbd9aa13cce9590ab08c4a626eba06b94fd4345b3fc3b77149ed9401ea91c41f00b105a5b7f15bae611f5b718abdac23fff9ec205c3385686203e6aa701
+AUX 8-stable/rsyslog-8.34.0-fix-issue2612.patch 558 BLAKE2B ad05cd0a3b3570821465faf9f01541164eb18b1355363ad2208d9ee148971e1b86fb47fa2a81da2050a13c750342b3643e24dcb4db78149e6495353805180e10 SHA512 5249be1b70070ae30a41feacce83feea1a97f76eda0b5b60c29e4db6d50f4d27be8ab66de6187343d5b881eaf19414c2b8766fc99523c52e51f6a7c9b62e7d94
+AUX 8-stable/rsyslog-8.35.0-fix-issue2719.patch 7561 BLAKE2B 4adc0643dcb42bcc33ba3f8fc878ea4996d22e06865680fad6c9f0bff9da27d55293732e17678a36ce33d4ff1d76049d8b9b55bd0eb6b4987c893b48bf5daddc SHA512 54ad784c328a4def4c46777ba3b4ebe3d451d9a5a6883e3e6bd912070c52aaf2e85fefd938d64cbbd87ef9ae4ac0b4685ad1c0e74ad2bdf02bfa247ddcca939d
+AUX 8-stable/rsyslog-8.35.0-fix-issue2726.patch 1726 BLAKE2B 3b406319098637b81f85127494fb921529eb2704ae9ac6a90e89e4655412220748bba6584f010de1ca17c0a19fbd01b5c56314f43c7eec329b71884d24f3df93 SHA512 421a6b67372b1b4cac459f6fae7a6e839d96c363f8cb5fa4d38b7c64b53752a9a6ae2c050dd8cc18464475a0601d5451ac51719bd85df9ac40eaebb498a4c23c
+AUX 8-stable/rsyslog-r1.logrotate 994 BLAKE2B 36dee881c2cb79ce69678c7cb12c71fb70d970e5e10728a8d2b8acf2c08f613cea9c2a74d78ed7b75333147a6b1a553fe281956990e044a9db651c7486690dee SHA512 5ca68b4eec5bebaed48edb69c85f8338273db847ab1cc6999ce7cfe06644dc3854c3040e0ebd8a4900c213b267b2a081e7901ceb4e58f9dfdc7dc036aff02b6c
+AUX 8-stable/rsyslog.conf 1562 BLAKE2B 3abbc4c13c8c1d3817ac9a7c7f048aa1a8d7f279bf638dc91d15a785ad42c1b34a61de0be33b4ffa218a655849aeceff3e8686384e1d77472417235ce453b546 SHA512 1720174fab020e2de590f3d6bbb03784aca1928fe05f7e75e02fb4597cb8b2ee755e6deb8e8f989060511044ae483f791f496f24e0eecaf27eb9e0b5e20a2c7a
+AUX 8-stable/rsyslog.confd-r1 1145 BLAKE2B 06e63c7500238dd31abddd105269714387b990a3530ad11443a8502ad68221c3f8e8b0db02ba3ad2b7010483364d36a5b526a461d3465972b74d2cd36ff08747 SHA512 a7f8621bdd490596b09f9a7583dd0c992006c55335b2e6e687bef4141bb18cd4bb43e23f590a138e9c8d5a3cbac0cc46c3b01c7d3ff9f9dd3c53418b13b0dd4a
+AUX 8-stable/rsyslog.initd-r1 1758 BLAKE2B 1af0e2371067ac2c51bff7b9c4442abba8d8a14714b7604e2f49d244fb08bef7614e73cbad201e6f4902504abd78ab32fdd093acb5714d53238353c8a9bd977e SHA512 0ddd385e77759370344032f52f945b1e90d4961140db63e2562e4be78dfc2bae16ac9439d40fe078110593999b5c5efd7680b402fc0771b1261ff28b1725e265
+AUX 8-stable/rsyslog.logrotate 682 BLAKE2B cb6a4a00895c5801c15621e52fb16c4b046a46f27bd21c5e76c253e62421f07826f603ab529e8a95f260925d58948a78c89f41c9b9f61e142217403ab454c02f SHA512 6c58abd2f02157177a61695f53eccbf201c514821b0c551a4812621e8d3dd2da9b5cd651d93860cb51ebdbdc7056d0ef0dde99c2a57ac3c43aa968a141805912
+DIST rsyslog-8.28.0.tar.gz 2471122 BLAKE2B 48ed55cbf02eca22591c3d1d59db8f956e4d852cbabb4ae8837767a2c843209a53becbe2a9f595290b44d79c8813414c20954ce1ccaa08bf0786423df79344e3 SHA512 e27ba0ff22e945393536abc5bc6e234d8849db291a5056429b59b47abe15fb060fc5c26efedcfe347b386d438b3f8a029ae4577a1d803666701431677f628cb1
+DIST rsyslog-8.32.0.tar.gz 2478990 BLAKE2B 21bfc93b55da107bec2eddb89cb42d76990ced2675caeb6e73183a109f9bc8293bde43f202bb56007f9ea4e49de385b004c158059cb13e8d3d376bf050ca445a SHA512 eea85d77bf3624fbad6f0838fa2a4af7c14d853c8f120f14cf697cdfda7f7e0692dab684d2ddd07fe44a0bcd50cf91baf69af1bb63dc9d60e19146f1150155ac
+DIST rsyslog-8.33.1.tar.gz 2494338 BLAKE2B 680ad2c062386e4e3e6c6e1a83cf0001d63da305edae9df527d1079a2fa13b8715e3cbfa211ca908e0005f1762becfd88369a7cd1488134564980137f0e98d86 SHA512 c4b426409e89463a8e8f7f9d0267f2fa1df1a84e947ce7bf91255db88b4cad5b7e607c476ba2db0543af069c44cdbb35330e0839696bf83668200e8ac009c6a0
+DIST rsyslog-8.34.0.tar.gz 2545544 BLAKE2B 66caf277a814563027183ecf267d76067c384adf8d6d7b8543203df9a7c37242722dd35445e4446aacf1e680f5f3957cea40ece8a284ef2a393b4a71e3a2b49c SHA512 69eaececa2f8b98799deac8e6cb2cf635a5117da7a21cbb0b880b7df1d83c6ccf16133dab099a6e5fb865f34c2dad164a1bf1952d16ca116af3b1dd35d15065e
+DIST rsyslog-8.35.0.tar.gz 2590108 BLAKE2B e201c1366b8ab96c070829d51de079212e82216a793eb7622aa91c66e2330981de8be547b1ee7f102ed7d8c8de054d58ba151e95238146a61fba8fe908c5f929 SHA512 3b8845fc057147c2dd740b3bb432e7fb101ad60be5c6bc86a2c2796bcd3f3526c617d45b9e8301388d51047a125ca18ba4ac54f8be2a13eabbbe8fb9361beecc
+DIST rsyslog-8.36.0.tar.gz 2639477 BLAKE2B 9c7343d853f79e2955a8999e2871a2a9b008cb3ef75b94e2381a3a0ff3e49445593d852d7de3819851dc0d4c17a91d966ca2fbfd52e8215ebdbaf6b7ccd68bdf SHA512 b0c8689374b5b0fb5ad9675ad8983ce67bd04d34ad07d39cf8f91498fd2fd21a173f1077e5fa1b66a89a9d93ab011fc6345ac1a3be9961f4794fc9e152c32a50
+DIST rsyslog-docs-8.28.0.tar.gz 4424901 BLAKE2B 9753b1a48b9d3bb045f2d088de5df0bbe5bc9045a82a5cab98b27c2df7648ac312929a173ec34c81ced46cb0eba336d708204b73b57413686769afa882dceaa5 SHA512 c085e09149cfc27ce0cd22edf9ad3f81b111f491fbea79afbc3172882065bd8324e366e3b5d09c885c1a3aa63fe8fbbe154d66488319d4ffc0867f938e1ab07d
+DIST rsyslog-docs-8.32.0.tar.gz 5368254 BLAKE2B 6d1efb191698bb1cfb03660167e5dcf9eea8f2fd2e459c350cd55aa24afcc5fb44d2bc0ef5590c6951326fbd0215aecbd59a6122e88ff449f566b37d1ee00d56 SHA512 e64eba3c40eab35e266826fb7e183418f38eb008f2a21ddf2c523d1e42aacaa20f882a561e5df67a979463048b58232fa82759645a21dc6962f6836ac8f57bce
+DIST rsyslog-docs-8.33.1.tar.gz 6770438 BLAKE2B e076688d7559c16986241149c00f6df603e2c90771222f4f91dc944fbdeace3dbc6e47fc82602f852a7407e064fe31df0a1c2940d521ae6ae21f5663518bfeb7 SHA512 fcc8ffee372c0b0dc2ab1b76dcf68a66ce820996cf2d46a2b5c6fd40e6fad5ef3c33da97a2e88956751597c20cf0c4a9b6537c22db0b3b46d1a734a9d9f95df5
+DIST rsyslog-docs-8.34.0.tar.gz 7419160 BLAKE2B 928e6a4044d6d2161483f934e6c2cd5e489a3ec95b823419d7d57b98a7dd6c73f4d28d17c238471592fe1c692b626b57c7bf647e926c1c38ff5a774e5d2defd5 SHA512 edf9aa63c777624c3dc27dfd64b38893b9b4c9b56941df1d7a8c6bc3cb4cbbfb83e8c356cbefeab7c688ecb6017b66ed99931cb71b69b7c927b4743548dd40d4
+DIST rsyslog-docs-8.35.0.tar.gz 7427270 BLAKE2B 5441080c07a8398cd5d513ba6abe0335f62762f105354105549f0440c0429c62a4f28a4cc84a71d049bc8134cd64bda2c2210a2f30fd5b94f53e0bc783e7c8d1 SHA512 f78d0451eef789d60f7c5ae1eed46c4a9f7a6ade73b829f65aa2373aa786b00e84e8957089532b1b652838bd9f62b41d92530276a0d27e21b8e94d5f0e4728a6
+DIST rsyslog-docs-8.36.0.tar.gz 7570338 BLAKE2B 031f94b88fb97e6c8b01d224279138c371a5f54ecc5d7a9298b4ec6351c5d380065877888ab1969386b76b9e715937b7335bee59c3d5b8ddd4910392a58d08cb SHA512 a93f56c9c9464a9ca87f61169c6fcfaa94608f31210eaac77e882e64bf5f514c887765db6bb57e4defafeb2a6e552506f0274c1ed275306efc1656f5520b5efa
+EBUILD rsyslog-8.28.0-r1.ebuild 12496 BLAKE2B 6389d72e3018fc1df8c7fa1f2a511360f1cd708534eaa2969a8418abdc92cee03934a5e2f9865bfe0ae462a6f3b49e17acf0434403e402f5ed149ae05203a366 SHA512 54e9cdef851779a9b2f8034474fb5c17e66a27679f24c50c6cc74fbdd8ff92a06a30998a40c5264ac4123b9f8860487b6e2a87607d00f38591fe7ac251623bc0
+EBUILD rsyslog-8.32.0-r4.ebuild 12716 BLAKE2B 9bbfe2d1395a6b298dded2c36d0393e1b11f8b11b0b05c87d2fbe7d1d72d52956b46b2a1a65048daed2a21ba2ed897023dc419f7dca242febbc70b54f4dc0112 SHA512 b8b14edcc03b268699a2e727a942ba34706d95a953426c8a9e2fde33f2aab44a4588d8b8c21627b0b8bd2fa95c295d5e1d84f83ccb3de857c46a768a72093451
+EBUILD rsyslog-8.33.1-r1.ebuild 12634 BLAKE2B efd3e3c908e293ff50a3ff7102c42068627403b912393edfd970271e2974083280839a16bce4175ce4cc946f2d01ff2d516428c18c5f157b541d24c2b316e38e SHA512 ac770033e43c6f5d7d9f93c5586a29389436bc4b479ff1d2a81f7b63121ccd3bff3f9726b7395244a5384d4a3844968b9c8f0bd11ea1f56a381616d231b66fbf
+EBUILD rsyslog-8.34.0.ebuild 12867 BLAKE2B 87c372d138bda89e41a32e9732c733d03ea9a7da8e296e127a843568a9d6b58bc068dd5273a1d627b91b6062c8eab9a0dab2293cef950a3d4ac69eb59a3323d8 SHA512 14058cf62a65e191098e034c2e061112203b1dcb01658684dfbf178d2d26c2a390b4a3b40acfb01dd62363d8dfe87e86e040541341f3125c422a04e3bf464010
+EBUILD rsyslog-8.35.0-r1.ebuild 12933 BLAKE2B c1a1a25566fe6a0da7e4461cea3c2c004cad7ad3136d1b902f1d46e498b4efb86f267eaf9bc480ec91146d6dd2df7def6bc2dc01bdec3a76d22f155ae20d5602 SHA512 6a85e6b19d05b8f720d1625e2c74648d4c8c5901d2c9783cd4f6e229771c7f0ee2d628c82dde94965d870c4fb421324446c178112125b7b83cd623e91b1941d3
+EBUILD rsyslog-8.36.0-r1.ebuild 13028 BLAKE2B 35fc40fbdd8eae6f8868e70a42efc35f0f2393f533b13584180991fc4d567fce8af361eb30a91e2c49366392aefaa103035f4087b8b423a39f75488c26bf546d SHA512 d4d9a7c1fc4af8bedf6daec4ab7b0be21864e0a9924593bf13b5bb52fd06e22d31e076ee79c9cbdc5809232eee8a654d28741d92421e9b5fe2c7ba717d8c7f1f
+MISC metadata.xml 3850 BLAKE2B 1de60aef00ce700d8d2c05d93d3237170399c65ddfbd37f86e95dd0ef89c7910335b6fdbfc0e806345bb3dbd52212f0bdab45b57acf31b2241ed7d3bf52a64d4 SHA512 c66217bd3a1dd613d49fca4d42267e276bb4f085b14a452da0484ec508cfd45eb36049006cdb6ad58c7c74d88dd6512e922c8bdf07ac01602fbbaf7606215b82
diff --git a/app-admin/rsyslog/files/8-stable/50-default-r1.conf b/app-admin/rsyslog/files/8-stable/50-default-r1.conf
new file mode 100644
index 000000000000..920c214ff6ca
--- /dev/null
+++ b/app-admin/rsyslog/files/8-stable/50-default-r1.conf
@@ -0,0 +1,107 @@
+#######################
+### DEFAULT ACTIONS ###
+#######################
+
+auth,authpriv.* action(
+	name="action_auth"
+	type="omfile"
+	File="/var/log/auth.log"
+	FileCreateMode="0600"
+	FileOwner="root"
+	FileGroup="adm"
+	Sync="off"
+)
+
+cron.* action(
+	name="action_cron"
+	type="omfile"
+	File="/var/log/cron.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+daemon.* action(
+	name="action_daemon"
+	type="omfile"
+	File="/var/log/daemon.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+kern.* action(
+	name="action_kern"
+	type="omfile"
+	File="/var/log/kern.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+lpr.* action(
+	name="action_lpr"
+	type="omfile"
+	File="/var/log/lpr.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+mail.* action(
+	name="action_mail"
+	type="omfile"
+	File="/var/log/mail.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+news.* action(
+	name="action_news"
+	type="omfile"
+	File="/var/log/news.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+user.* action(
+	name="action_user"
+	type="omfile"
+	File="/var/log/user.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+*.=debug;auth,authpriv,news,mail.none action(
+	name="action_debug"
+	type="omfile"
+	File="/var/log/debug.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+*.info;auth,authpriv,cron,daemon,lpr,mail,news.none action(
+	name="action_messages"
+	type="omfile"
+	File="/var/log/messages"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+# Uncomment the following directive to re-enable the
+# deprecated "/var/log/syslog" log file (don't forget to re-enable log
+# rotation in "/etc/logrotate.d/rsyslog" if you do that!)
+#*.*;auth,authpriv.none action(
+#	name="action_syslog"
+#	type="omfile"
+#	File="/var/log/syslog"
+#	FileOwner="root"
+#	FileGroup="adm"
+#)
+
+*.emerg action(
+	name="action_emerge"
+	type="omusrmsg"
+	Users="*"
+	action.execOnlyOnceEveryInterval="10"
+)
+
+# Create an additional socket for the default chroot location
+# (used by net-misc/openssh[hpn], see https://bugs.gentoo.org/490744)
+input(type="imuxsock" Socket="/var/empty/dev/log")
diff --git a/app-admin/rsyslog/files/8-stable/50-default.conf b/app-admin/rsyslog/files/8-stable/50-default.conf
new file mode 100644
index 000000000000..9ae8578215bb
--- /dev/null
+++ b/app-admin/rsyslog/files/8-stable/50-default.conf
@@ -0,0 +1,95 @@
+#######################
+### DEFAULT ACTIONS ###
+#######################
+
+auth,authpriv.* action(
+	type="omfile"
+	File="/var/log/auth.log"
+	FileCreateMode="0600"
+	FileOwner="root"
+	FileGroup="adm"
+	Sync="off"
+)
+
+cron.* action(
+	type="omfile"
+	File="/var/log/cron.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+daemon.* action(
+	type="omfile"
+	File="/var/log/daemon.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+kern.* action(
+	type="omfile"
+	File="/var/log/kern.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+lpr.* action(
+	type="omfile"
+	File="/var/log/lpr.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+mail.* action(
+	type="omfile"
+	File="/var/log/mail.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+news.* action(
+	type="omfile"
+	File="/var/log/news.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+user.* action(
+	type="omfile"
+	File="/var/log/user.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+*.=debug;auth,authpriv,news,mail.none action(
+	type="omfile"
+	File="/var/log/debug.log"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+*.info;auth,authpriv,cron,daemon,lpr,mail,news.none action(
+	type="omfile"
+	File="/var/log/messages"
+	FileOwner="root"
+	FileGroup="adm"
+)
+
+# Uncomment the following directive to re-enable the
+# deprecated "/var/log/syslog" log file (don't forget to re-enable log
+# rotation in "/etc/logrotate.d/rsyslog" if you do that!)
+#*.*;auth,authpriv.none action(
+#	type="omfile"
+#	File="/var/log/syslog"
+#	FileOwner="root"
+#	FileGroup="adm"
+#)
+
+*.emerg action(
+	type="omusrmsg"
+	Users="*"
+	action.execOnlyOnceEveryInterval="10"
+)
+
+# Create an additional socket for the default chroot location
+# (used by net-misc/openssh[hpn], see https://bugs.gentoo.org/490744)
+input(type="imuxsock" Socket="/var/empty/dev/log")
diff --git a/app-admin/rsyslog/files/8-stable/README.gentoo b/app-admin/rsyslog/files/8-stable/README.gentoo
new file mode 100644
index 000000000000..9f0666c86b0a
--- /dev/null
+++ b/app-admin/rsyslog/files/8-stable/README.gentoo
@@ -0,0 +1,36 @@
+Introduction
+============
+
+Since rsyslog version 7.6 we are shipping a new default Gentoo
+configuration. See bug #501982 to learn more about what we were trying to
+achieve by rewriting the entire configuration.
+
+
+Important changes
+=================
+
+1. "/var/log/syslog" log file is now deprecated
+
+   Beginning with rsyslog-7.6, the "/var/log/syslog" log file will no
+   longer being written per default. We are considering this file as
+   deprecated/obsolet for the typical user/system.
+   The content from this log file is still availble through other
+   (dedicated) log files, see
+   
+     - /var/log/cron.log
+     - /var/log/daemon.log
+     - /var/log/mail.log
+     - /var/log/messages
+   
+   If you really need the old "/var/log/syslog" log file, all you have to
+   do is uncommenting the corresponding configuration directive in
+   "/etc/rsyslog.d/50-default.conf".
+   
+   If you do so, don't forget to re-enable log rotation in
+   "/etc/logrotate.d/rsyslog", too.
+
+
+2. An additional input socket in "/var/empty/dev/log" (default chroot
+   location) will be created per default
+
+   See bug #490744 for further details.
diff --git a/app-admin/rsyslog/files/8-stable/rsyslog-8.27.0-fix-mmnormalize-tests.patch b/app-admin/rsyslog/files/8-stable/rsyslog-8.27.0-fix-mmnormalize-tests.patch
new file mode 100644
index 000000000000..6ef7e6426287
--- /dev/null
+++ b/app-admin/rsyslog/files/8-stable/rsyslog-8.27.0-fix-mmnormalize-tests.patch
@@ -0,0 +1,23 @@
+https://github.com/rsyslog/rsyslog/pull/1791
+---
+ tests/Makefile.am | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -498,7 +498,6 @@ TESTS += msgvar-concurrency-array.sh \
+ 	mmnormalize_processing_test2.sh \
+ 	mmnormalize_processing_test3.sh \
+ 	mmnormalize_processing_test4.sh
+-endif
+ 
+ if ENABLE_IMPTCP
+ TESTS +=  \
+@@ -512,6 +511,7 @@ if LOGNORM_REGEX_SUPPORTED
+ TESTS += \
+ 	mmnormalize_regex.sh
+ endif
++endif
+ 
+ if ENABLE_MMJSONPARSE
+ TESTS += \
diff --git a/app-admin/rsyslog/files/8-stable/rsyslog-8.32.0-fix-building-without-curl-r3.patch b/app-admin/rsyslog/files/8-stable/rsyslog-8.32.0-fix-building-without-curl-r3.patch
new file mode 100644
index 000000000000..534183a8ca29
--- /dev/null
+++ b/app-admin/rsyslog/files/8-stable/rsyslog-8.32.0-fix-building-without-curl-r3.patch
@@ -0,0 +1,137 @@
+https://github.com/rsyslog/rsyslog/commit/d9475f133e3c79875a7c4ccd92038b7123c1f155
+https://github.com/rsyslog/rsyslog/commit/468eeb79b8da91fb71dfef6bfb25476b2a37f446
+https://github.com/rsyslog/rsyslog/commit/50205ced0fc22e74f26f2a07b557b69c5d30e168
+
+--- a/grammar/rainerscript.c
++++ b/grammar/rainerscript.c
+@@ -1935,6 +1935,7 @@ num2ipv4(struct svar *__restrict__ const sourceVal) {
+ 	return(estr);
+ }
+ 
++#ifdef HAVE_LIBCURL
+ /* curl callback for doFunc_http_request */
+ static size_t
+ curlResult(void *ptr, size_t size, size_t nmemb, void *userdata)
+@@ -2010,6 +2011,7 @@ doFunc_http_request(struct cnffunc *__restrict__ const func,
+ 	}
+ 	RETiRet;
+ }
++#endif
+ 
+ static int ATTR_NONNULL(1,3,4)
+ doFunc_is_time(const char *__restrict__ const str,
+@@ -2513,11 +2515,16 @@ doFuncCall(struct cnffunc *__restrict__ const func, struct svar *__restrict__ co
+ 		if(bMustFree2) free(str2);
+ 		break;
+ 	case CNFFUNC_HTTP_REQUEST:
++#ifdef HAVE_LIBCURL
+ 		cnfexprEval(func->expr[0], &r[0], usrptr, pWti);
+ 		str = (char*) var2CString(&r[0], &bMustFree);
+ 		doFunc_http_request(func, ret, str);
+ 		if(bMustFree) free(str);
+ 		varFreeMembers(&r[0]);
++#else
++		LogError(0, RS_RET_INTERNAL_ERROR,
++			"rainerscript: internal error: HTTP_Fetch not supported, not built with libcurl support");
++#endif
+ 		break;
+ 	default:
+ 		if(Debug) {
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -454,6 +454,8 @@ if test "$enable_libcurl" = "yes"; then
+ 	)
+ fi
+ 
++AM_CONDITIONAL(ENABLE_LIBCURL, test "x${enable_libcurl}" = "xyes")
++
+ # klog
+ AC_ARG_ENABLE(klog,
+         [AS_HELP_STRING([--enable-klog],[Integrated klog functionality @<:@default=yes@:>@])],
+
+--- a/tests/Makefile.am
++++ b/tests/Makefile.am
+@@ -226,7 +226,6 @@ TESTS +=  \
+ 	rscript_contains.sh \
+ 	rscript_bare_var_root.sh \
+ 	rscript_bare_var_root-empty.sh \
+-	rscript_http_request.sh \
+ 	rscript_ipv42num.sh \
+ 	rscript_field.sh \
+ 	rscript_stop.sh \
+@@ -305,7 +304,11 @@ TESTS +=  \
+ 	lookup_table_rscript_reload.sh \
+ 	lookup_table_rscript_reload_without_stub.sh \
+ 	multiple_lookup_tables.sh
+-endif
++if ENABLE_LIBCURL
++TESTS +=  \
++	rscript_http_request.sh
++endif # ENABLE_LIBCURL
++endif # ENABLE_TESTBENCH2
+ 
+ if HAVE_VALGRIND
+ TESTS +=  \
+@@ -313,7 +316,6 @@ TESTS +=  \
+ 	mmexternal-InvldProg-vg.sh \
+ 	internal-errmsg-memleak-vg.sh \
+ 	rscript_set_memleak-vg.sh \
+-	rscript_http_request-vg.sh \
+ 	no-parser-vg.sh \
+ 	discard-rptdmsg-vg.sh \
+ 	discard-allmark-vg.sh \
+@@ -338,6 +340,10 @@ TESTS +=  \
+ 	multiple_lookup_tables-vg.sh \
+ 	fac_local0-vg.sh \
+ 	rscript_trim-vg.sh
++if ENABLE_LIBCURL
++TESTS +=  \
++	rscript_http_request-vg.sh
++endif # ENABLE_LIBCURL
+ endif # HAVE_VALGRIND
+ 
+ if ENABLE_ROOT_TESTS
+
+--- a/grammar/Makefile.am
++++ b/grammar/Makefile.am
+@@ -12,8 +12,11 @@ libgrammar_la_SOURCES = \
+ 	parserif.h \
+ 	grammar.h
+ libgrammar_la_CPPFLAGS =  $(RSRT_CFLAGS) $(LIBLOGGING_STDLOG_CFLAGS)
+-#libgrammar_la_LIBADD = $(CURL_LIBS) $(RSRT_LIBS) $(SOL_LIBS)
+-libgrammar_la_LIBADD = $(CURL_LIBS)
++libgrammar_la_LIBADD =
++if ENABLE_LIBCURL
++libgrammar_la_CPPFLAGS += $(CURL_CFLAGS)
++libgrammar_la_LIBADD += $(CURL_LIBS)
++endif
+ 
+ #testdriver_SOURCES = testdriver.c libgrammar.la
+ #testdriver_CPPFLAGS =  $(RSRT_CFLAGS)
+
+--- a/plugins/omelasticsearch/Makefile.am
++++ b/plugins/omelasticsearch/Makefile.am
+@@ -1,7 +1,7 @@
+ pkglib_LTLIBRARIES = omelasticsearch.la
+ 
+ omelasticsearch_la_SOURCES = omelasticsearch.c
+-omelasticsearch_la_CPPFLAGS =  $(RSRT_CFLAGS) $(PTHREADS_CFLAGS)
++omelasticsearch_la_CPPFLAGS = $(RSRT_CFLAGS) $(PTHREADS_CFLAGS) $(CURL_CFLAGS)
+ omelasticsearch_la_LDFLAGS = -module -avoid-version
+ omelasticsearch_la_LIBADD =  $(CURL_LIBS) $(LIBM)
+ 
+--- a/grammar/rainerscript.c
++++ b/grammar/rainerscript.c
+@@ -36,7 +36,11 @@
+ #include <sys/types.h>
+ #include <libestr.h>
+ #include <time.h>
++
++#ifdef HAVE_LIBCURL
+ #include <curl/curl.h>
++#endif
++
+ #include "rsyslog.h"
+ #include "rainerscript.h"
+ #include "conf.h"
diff --git a/app-admin/rsyslog/files/8-stable/rsyslog-8.34.0-fix-issue2612.patch b/app-admin/rsyslog/files/8-stable/rsyslog-8.34.0-fix-issue2612.patch
new file mode 100644
index 000000000000..4e9e566e84c7
--- /dev/null
+++ b/app-admin/rsyslog/files/8-stable/rsyslog-8.34.0-fix-issue2612.patch
@@ -0,0 +1,13 @@
+https://github.com/rsyslog/rsyslog/issues/2612
+
+--- a/configure.ac
++++ b/configure.ac
+@@ -254,7 +254,7 @@ AC_LINK_IFELSE([AC_LANG_PROGRAM(, return __builtin_expect(main != 0, 1))],
+ # speeds up processig.
+ # note that when automic operations are enabled but not available, they
+ # will silently NOT be used!
+-AC_ARG_ENABLE(regexp,
++AC_ARG_ENABLE(atomic_operations,
+         [AS_HELP_STRING([--enable-atomic-operations],[Enable atomic operation support @<:@default=yes@:>@])],
+         [case "${enableval}" in
+          yes) enable_atomic_operations="yes" ;;
diff --git a/app-admin/rsyslog/files/8-stable/rsyslog-8.35.0-fix-issue2719.patch b/app-admin/rsyslog/files/8-stable/rsyslog-8.35.0-fix-issue2719.patch
new file mode 100644
index 000000000000..8996acd27e88
--- /dev/null
+++ b/app-admin/rsyslog/files/8-stable/rsyslog-8.35.0-fix-issue2719.patch
@@ -0,0 +1,241 @@
+Add missing files for mmkubernetes tests
+
+Upstream bug: https://github.com/rsyslog/rsyslog/pull/2719
+
+--- /dev/null
++++ b/tests/mmkubernetes-basic.out.json
+@@ -0,0 +1,110 @@
++[{
++  "kubernetes": {
++    "namespace_id": "namespace-name2-id",
++    "namespace_labels": {
++      "label_1_key": "label 1 value",
++      "label_with_empty_value": "",
++      "label_2_key": "label 2 value"
++    },
++    "creation_timestamp": "2018-04-09T21:56:39Z",
++    "pod_id": "pod-name2-id",
++    "labels": {
++      "custom_label": "pod-name2-label-value",
++      "deploymentconfig": "pod-name2-dc",
++      "component": "pod-name2-component",
++      "label_with_empty_value": "",
++      "deployment": "pod-name2-deployment"
++    },
++    "pod_name": "pod-name2",
++    "namespace_name": "namespace-name2",
++    "container_name": "container-name2",
++    "master_url": "http://localhost:18443"
++  },
++  "docker": {
++    "container_id": "id2"
++  }
++},
++{
++  "message": "a message from container 4",
++  "CONTAINER_NAME": "some-prefix_container-name4_pod-name4_namespace-name4_unused4_unused44",
++  "CONTAINER_ID_FULL": "id4",
++  "kubernetes": {
++    "namespace_id": "namespace-name4-id",
++    "namespace_labels": {
++      "label_1_key": "label 1 value",
++      "label_with_empty_value": "",
++      "label_2_key": "label 2 value"
++    },
++    "creation_timestamp": "2018-04-09T21:56:39Z",
++    "pod_id": "pod-name4-id",
++    "labels": {
++      "custom_label": "pod-name4-label-value",
++      "deploymentconfig": "pod-name4-dc",
++      "component": "pod-name4-component",
++      "label_with_empty_value": "",
++      "deployment": "pod-name4-deployment"
++    },
++    "pod_name": "pod-name4",
++    "namespace_name": "namespace-name4",
++    "container_name": "container-name4",
++    "master_url": "http://localhost:18443"
++  },
++  "docker": {
++    "container_id": "id4"
++  }
++},
++{
++  "kubernetes": {
++    "namespace_id": "namespace-name1-id",
++    "namespace_labels": {
++      "label_1_key": "label 1 value",
++      "label_with_empty_value": "",
++      "label_2_key": "label 2 value"
++    },
++    "creation_timestamp": "2018-04-09T21:56:39Z",
++    "pod_id": "pod-name1-id",
++    "labels": {
++      "custom_label": "pod-name1-label-value",
++      "deploymentconfig": "pod-name1-dc",
++      "component": "pod-name1-component",
++      "label_with_empty_value": "",
++      "deployment": "pod-name1-deployment"
++    },
++    "pod_name": "pod-name1",
++    "namespace_name": "namespace-name1",
++    "container_name": "container-name1",
++    "master_url": "http://localhost:18443"
++  },
++  "docker": {
++    "container_id": "id1"
++  }
++},
++{
++  "message": "a message from container 3",
++  "CONTAINER_NAME": "some-prefix_container-name3.container-hash3_pod-name3_namespace-name3_unused3_unused33",
++  "CONTAINER_ID_FULL": "id3",
++  "kubernetes": {
++    "namespace_id": "namespace-name3-id",
++    "namespace_labels": {
++      "label_1_key": "label 1 value",
++      "label_with_empty_value": "",
++      "label_2_key": "label 2 value"
++    },
++    "creation_timestamp": "2018-04-09T21:56:39Z",
++    "pod_id": "pod-name3-id",
++    "labels": {
++      "custom_label": "pod-name3-label-value",
++      "deploymentconfig": "pod-name3-dc",
++      "component": "pod-name3-component",
++      "label_with_empty_value": "",
++      "deployment": "pod-name3-deployment"
++    },
++    "pod_name": "pod-name3",
++    "namespace_name": "namespace-name3",
++    "container_name": "container-name3",
++    "master_url": "http://localhost:18443"
++  },
++  "docker": {
++    "container_id": "id3"
++  }
++}]
+--- /dev/null
++++ b/tests/mmkubernetes_test_server.py
+@@ -0,0 +1,121 @@
++# Used by the mmkubernetes tests
++# This is a simple http server which responds to kubernetes api requests
++# and responds with kubernetes api server responses
++# added 2018-04-06 by richm, released under ASL 2.0
++import os
++import json
++import sys
++
++try:
++    from http.server import HTTPServer, BaseHTTPRequestHandler
++except ImportError:
++    from BaseHTTPServer import HTTPServer, BaseHTTPRequestHandler
++
++ns_template = '''{{
++  "kind": "Namespace",
++  "apiVersion": "v1",
++  "metadata": {{
++    "name": "{namespace_name}",
++    "selfLink": "/api/v1/namespaces/{namespace_name}",
++    "uid": "{namespace_name}-id",
++    "resourceVersion": "2988",
++    "creationTimestamp": "2018-04-09T21:56:39Z",
++    "labels": {{
++      "label.1.key":"label 1 value",
++      "label.2.key":"label 2 value",
++      "label.with.empty.value":""
++    }},
++    "annotations": {{
++      "k8s.io/description": "",
++      "k8s.io/display-name": "",
++      "k8s.io/node-selector": "",
++      "k8s.io/sa.scc.mcs": "s0:c9,c4",
++      "k8s.io/sa.scc.supplemental-groups": "1000080000/10000",
++      "k8s.io/sa.scc.uid-range": "1000080000/10000",
++      "quota.k8s.io/cluster-resource-override-enabled": "false"
++    }}
++  }},
++  "spec": {{
++    "finalizers": [
++      "openshift.io/origin",
++      "kubernetes"
++    ]
++  }},
++  "status": {{
++    "phase": "Active"
++  }}
++}}'''
++
++pod_template = '''{{
++  "kind": "Pod",
++  "apiVersion": "v1",
++  "metadata": {{
++    "name": "{pod_name}",
++    "generateName": "{pod_name}-prefix",
++    "namespace": "{namespace_name}",
++    "selfLink": "/api/v1/namespaces/{namespace_name}/pods/{pod_name}",
++    "uid": "{pod_name}-id",
++    "resourceVersion": "3486",
++    "creationTimestamp": "2018-04-09T21:56:39Z",
++    "labels": {{
++      "component": "{pod_name}-component",
++      "deployment": "{pod_name}-deployment",
++      "deploymentconfig": "{pod_name}-dc",
++      "custom.label": "{pod_name}-label-value",
++      "label.with.empty.value":""
++    }},
++    "annotations": {{
++      "k8s.io/deployment-config.latest-version": "1",
++      "k8s.io/deployment-config.name": "{pod_name}-dc",
++      "k8s.io/deployment.name": "{pod_name}-deployment",
++      "k8s.io/custom.name": "custom value",
++      "annotation.with.empty.value":""
++    }}
++  }},
++  "status": {{
++    "phase": "Running",
++    "hostIP": "172.18.4.32",
++    "podIP": "10.128.0.14",
++    "startTime": "2018-04-09T21:57:39Z"
++  }}
++}}'''
++
++class SimpleHTTPRequestHandler(BaseHTTPRequestHandler):
++
++    def do_GET(self):
++        # "http://localhost:18443/api/v1/namespaces/namespace-name2"
++        # parse url - either /api/v1/namespaces/$ns_name
++        # or
++        # /api/v1/namespaces/$ns_name/pods/$pod_name
++        comps = self.path.split('/')
++        status = 400
++        if len(comps) >= 5 and comps[1] == 'api' and comps[2] == 'v1':
++            if len(comps) == 5 and comps[3] == 'namespaces': # namespace
++                resp = ns_template.format(namespace_name=comps[4])
++                status = 200
++            elif len(comps) == 7 and comps[3] == 'namespaces' and comps[5] == 'pods':
++                resp = pod_template.format(namespace_name=comps[4], pod_name=comps[6])
++                status = 200
++            else:
++                resp = '{{"error":"do not recognize {0}"}}'.format(self.path)
++        else:
++            resp = '{{"error":"do not recognize {0}"}}'.format(self.path)
++        if not status == 200:
++            self.log_error(resp)
++        self.send_response(status)
++        self.end_headers()
++        self.wfile.write(json.dumps(json.loads(resp), separators=(',',':')))
++
++port = int(sys.argv[1])
++
++httpd = HTTPServer(('localhost', port), SimpleHTTPRequestHandler)
++
++# write "started" to file named in argv[3]
++with open(sys.argv[3], "w") as ff:
++    ff.write("started\n")
++
++# write pid to file named in argv[2]
++with open(sys.argv[2], "w") as ff:
++    ff.write('{0}\n'.format(os.getpid()))
++
++httpd.serve_forever()
diff --git a/app-admin/rsyslog/files/8-stable/rsyslog-8.35.0-fix-issue2726.patch b/app-admin/rsyslog/files/8-stable/rsyslog-8.35.0-fix-issue2726.patch
new file mode 100644
index 000000000000..eaec239c3839
--- /dev/null
+++ b/app-admin/rsyslog/files/8-stable/rsyslog-8.35.0-fix-issue2726.patch
@@ -0,0 +1,41 @@
+From c1791ee90fdd8adf219ae3d2b849f5f041284b7c Mon Sep 17 00:00:00 2001
+From: Rich Megginson <rmeggins@redhat.com>
+Date: Thu, 17 May 2018 18:38:25 -0600
+Subject: [PATCH] mmkubernetes test python must encode response
+
+https://github.com/rsyslog/rsyslog/issues/2721
+Was not working on python3 - must use `encode()` to convert the
+string to a `bytes` object.
+Also run the server with python -u to make sure we get the log
+output from the kubernetes test server.
+---
+ tests/mmkubernetes-basic.sh       | 2 +-
+ tests/mmkubernetes_test_server.py | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/tests/mmkubernetes-basic.sh b/tests/mmkubernetes-basic.sh
+index 0bbfd08ca..d320c343f 100755
+--- a/tests/mmkubernetes-basic.sh
++++ b/tests/mmkubernetes-basic.sh
+@@ -4,7 +4,7 @@
+ . $srcdir/diag.sh init
+ 
+ testsrv=mmk8s-test-server
+-python ./mmkubernetes_test_server.py 18443 rsyslog${testsrv}.pid rsyslogd${testsrv}.started > mmk8s_srv.log 2>&1 &
++python -u ./mmkubernetes_test_server.py 18443 rsyslog${testsrv}.pid rsyslogd${testsrv}.started > mmk8s_srv.log 2>&1 &
+ BGPROCESS=$!
+ . $srcdir/diag.sh wait-startup $testsrv
+ echo background mmkubernetes_test_server.py process id is $BGPROCESS
+diff --git a/tests/mmkubernetes_test_server.py b/tests/mmkubernetes_test_server.py
+index 0de215603..24f4e1b0e 100644
+--- a/tests/mmkubernetes_test_server.py
++++ b/tests/mmkubernetes_test_server.py
+@@ -104,7 +104,7 @@ def do_GET(self):
+             self.log_error(resp)
+         self.send_response(status)
+         self.end_headers()
+-        self.wfile.write(json.dumps(json.loads(resp), separators=(',',':')))
++        self.wfile.write(json.dumps(json.loads(resp), separators=(',',':')).encode())
+ 
+ port = int(sys.argv[1])
+ 
diff --git a/app-admin/rsyslog/files/8-stable/rsyslog-r1.logrotate b/app-admin/rsyslog/files/8-stable/rsyslog-r1.logrotate
new file mode 100644
index 000000000000..3a92ba37bdec
--- /dev/null
+++ b/app-admin/rsyslog/files/8-stable/rsyslog-r1.logrotate
@@ -0,0 +1,45 @@
+# Uncomment the following directive if you have re-enabled
+# "/var/log/syslog" in "/etc/rsyslog.d/50-default.conf"
+#/var/log/syslog
+#{
+#	rotate 7
+#	daily
+#	missingok
+#	notifempty
+#	delaycompress
+#	compress
+#	postrotate
+#		if type -p systemctl 2>&1 1>/dev/null && systemctl is-system-running 2>&1 1>/dev/null ; then
+#			systemctl kill -s HUP rsyslog.service
+#		else
+#			test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) 2>&1 1>/dev/null
+#		fi
+#	endscript
+#}
+
+/var/log/auth.log
+/var/log/cron.log
+/var/log/daemon.log
+/var/log/kern.log
+/var/log/lpr.log
+/var/log/mail.log
+/var/log/news.log
+/var/log/user.log
+/var/log/debug.log
+/var/log/messages
+{
+	rotate 4
+	weekly
+	missingok
+	notifempty
+	compress
+	delaycompress
+	sharedscripts
+	postrotate
+		if type -p systemctl 2>&1 1>/dev/null && systemctl is-system-running 2>&1 1>/dev/null ; then
+			systemctl kill -s HUP rsyslog.service
+		else
+			test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) 2>&1 1>/dev/null
+		fi
+	endscript
+}
diff --git a/app-admin/rsyslog/files/8-stable/rsyslog.conf b/app-admin/rsyslog/files/8-stable/rsyslog.conf
new file mode 100644
index 000000000000..da484598a652
--- /dev/null
+++ b/app-admin/rsyslog/files/8-stable/rsyslog.conf
@@ -0,0 +1,61 @@
+# /etc/rsyslog.conf
+# 
+# This configuration is based on RainerScript, the new recommended syntax
+# for RSYSLOG. See http://www.rsyslog.com/doc/rainerscript.html for further
+# details.
+# 
+# But if you don't want to learn something new at moment, don't worry: The
+# legacy syntax is still supported.
+# 
+# You may want to use the new RSYSLOG configuration builder to create your
+# own more advanced configuration: http://www.rsyslog.com/rsyslog-configuration-builder/
+
+# Check config syntax on startup and abort if unclean (default: off)
+#$AbortOnUncleanConfig on
+
+
+###############
+### MODULES ###
+###############
+
+# Read syslog messages from default Unix socket /dev/log (e.g. via logger command)
+module(load="imuxsock")
+
+# Read messages from the kernel log and submits them to the syslog engine
+module(load="imklog")
+
+# Inject "--MARK--" messages every $Interval (seconds)
+#module(load="immark" Interval="600")
+
+# Read syslog messages from UDP
+#module(load="imudp")
+#input(type="imudp" port="514")
+
+# Read syslog messages from TCP
+#module(load="imtcp")
+#input(type="imtcp" port="514")
+
+
+#########################
+### GLOBAL DIRECTIVES ###
+#########################
+
+# Where to place spool and state files
+$WorkDirectory /var/spool/rsyslog
+
+# Reduce repeating messages (default: off)
+#$RepeatedMsgReduction on
+
+# Set defaults for every output file
+$Umask 0022
+
+module(
+	load="builtin:omfile"
+	Template="RSYSLOG_TraditionalFileFormat"
+	FileCreateMode="0644"
+	DirCreateMode="0755"
+)
+
+
+# Include all conf files in /etc/rsyslog.d/
+$IncludeConfig /etc/rsyslog.d/*.conf
diff --git a/app-admin/rsyslog/files/8-stable/rsyslog.confd-r1 b/app-admin/rsyslog/files/8-stable/rsyslog.confd-r1
new file mode 100644
index 000000000000..da48c01cd407
--- /dev/null
+++ b/app-admin/rsyslog/files/8-stable/rsyslog.confd-r1
@@ -0,0 +1,30 @@
+# /etc/conf.d/rsyslog
+
+# Configuration file
+#RSYSLOG_CONFIGFILE="/etc/rsyslog.conf"
+
+# PID file
+# If you should ever change this, remember to update
+# "/etc/logrotate.d/rsyslog", too.
+#RSYSLOG_PIDFILE="/run/rsyslogd.pid"
+
+# You can use this configuration option to pass additional options to the
+# start-stop-daemon, see start-stop-daemon(8) for more details.
+# Per default we wait 1000ms after we have started the service to ensure
+# that the daemon is really up and running.
+#RSYSLOG_SSDARGS="--wait 1000"
+
+# The termination timeout (start-stop-daemon parameter "retry") ensures
+# that the service will be terminated within a given time (60 + 5 seconds
+# per default) when you are stopping the service.
+# You need to increase the value when you are working with a large queue.
+# See http://www.rsyslog.com/doc/queues.html for further information.
+#RSYSLOG_TERMTIMEOUT="TERM/60/KILL/5"
+
+
+# Options to rsyslogd
+# See rsyslogd(8) for more details
+# Notes:
+# * Do not specify another PIDFILE but use the variable above to change the location
+# * Do not specify another CONFIGFILE but use the variable above to change the location
+#RSYSLOG_OPTS=""
diff --git a/app-admin/rsyslog/files/8-stable/rsyslog.initd-r1 b/app-admin/rsyslog/files/8-stable/rsyslog.initd-r1
new file mode 100644
index 000000000000..7d7aa4bc9313
--- /dev/null
+++ b/app-admin/rsyslog/files/8-stable/rsyslog.initd-r1
@@ -0,0 +1,72 @@
+#!/sbin/openrc-run
+# Copyright 1999-2015 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+RSYSLOG_CONFIGFILE=${RSYSLOG_CONFIGFILE:-"/etc/rsyslog.conf"}
+RSYSLOG_PIDFILE=${RSYSLOG_PIDFILE:-"/run/rsyslogd.pid"}
+RSYSLOG_SSDARGS=${RSYSLOG_SSDARGS:-"--wait 1000"}
+RSYSLOG_TERMTIMEOUT=${RSYSLOG_TERMTIMEOUT:-"TERM/60/KILL/5"}
+RSYSLOG_OPTS=${RSYSLOG_OPTS:-""}
+
+command="/usr/sbin/rsyslogd"
+command_args="${RSYSLOG_OPTS} -f \"${RSYSLOG_CONFIGFILE}\" -i \"${RSYSLOG_PIDFILE}\""
+start_stop_daemon_args="${RSYSLOG_SSDARGS}"
+pidfile="${RSYSLOG_PIDFILE}"
+retry="${RSYSLOG_TERMTIMEOUT}"
+
+required_files="${RSYSLOG_CONFIGFILE}"
+
+description="RSYSLOG is the rocket-fast system for log processing (syslog replacement)."
+
+extra_commands="configtest"
+extra_started_commands="rotate"
+
+description_configtest="Run rsyslogd's internal config check."
+
+description_rotate="Sends rsyslogd a signal to re-open its log files."
+
+depend() {
+	need clock hostname localmount
+	provide logger
+}
+
+start_pre() {
+	if [ "${RC_CMD}" != "restart" ]; then
+		configtest || return 1
+	fi
+}
+
+stop_pre() {
+	if [ "${RC_CMD}" = "restart" ]; then
+		configtest || return 1
+	fi
+}
+
+stop_post() {
+	if [ -f "${RSYSLOG_PIDFILE}" ]; then
+		vebegin "Removing stale PID file"
+		rm --force "${RSYSLOG_PIDFILE}"
+		veend $?
+	fi
+}
+
+configtest() {
+	local _command_args="-N 999 -f \"${RSYSLOG_CONFIGFILE}\""
+	local _retval=0
+
+	ebegin "Checking rsyslogd's configuration"
+	eval ${command} ${_command_args} >/dev/null 2>&1
+	_retval=$?
+
+	if [ ${_retval} -ne 0 ]; then
+		eval ${command} ${_command_args}
+	fi
+
+	eend ${_retval} "failed, please correct errors above"
+}
+
+rotate() {
+	ebegin "Re-opening rsyslogd logs"
+	start-stop-daemon --signal SIGHUP --pidfile "${RSYSLOG_PIDFILE}"
+	eend $?
+}
diff --git a/app-admin/rsyslog/files/8-stable/rsyslog.logrotate b/app-admin/rsyslog/files/8-stable/rsyslog.logrotate
new file mode 100644
index 000000000000..1eae30e0d741
--- /dev/null
+++ b/app-admin/rsyslog/files/8-stable/rsyslog.logrotate
@@ -0,0 +1,37 @@
+# Uncomment the following directive if you have re-enabled
+# "/var/log/syslog" in "/etc/rsyslog.d/50-default.conf"
+#/var/log/syslog
+#{
+#	rotate 7
+#	daily
+#	missingok
+#	notifempty
+#	delaycompress
+#	compress
+#	postrotate
+#		test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null
+#	endscript
+#}
+
+/var/log/auth.log
+/var/log/cron.log
+/var/log/daemon.log
+/var/log/kern.log
+/var/log/lpr.log
+/var/log/mail.log
+/var/log/news.log
+/var/log/user.log
+/var/log/debug.log
+/var/log/messages
+{
+	rotate 4
+	weekly
+	missingok
+	notifempty
+	compress
+	delaycompress
+	sharedscripts
+	postrotate
+		test -r /run/rsyslogd.pid && kill -HUP $(cat /run/rsyslogd.pid) &>/dev/null
+	endscript
+}
diff --git a/app-admin/rsyslog/metadata.xml b/app-admin/rsyslog/metadata.xml
new file mode 100644
index 000000000000..5075171a3708
--- /dev/null
+++ b/app-admin/rsyslog/metadata.xml
@@ -0,0 +1,45 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+	<maintainer type="person">
+		<email>whissi@gentoo.org</email>
+		<name>Thomas Deutschmann</name>
+	</maintainer>
+	<use>
+		<flag name="curl">Enable http_request() function in RainerScript (requires <pkg>net-misc/curl</pkg>)</flag>
+		<flag name="dbi">Build the general database output module (requires <pkg>dev-db/libdbi</pkg>)</flag>
+		<flag name="elasticsearch">Build the Elasticsearch output module (requires <pkg>net-misc/curl</pkg>)</flag>
+		<flag name="gcrypt">Add support for encrypted log files using <pkg>dev-libs/libgcrypt</pkg></flag>
+		<flag name="gnutls">Build the GnuTLS network stream driver (requires <pkg>net-libs/gnutls</pkg>)</flag>
+		<flag name="grok">Build the grok modify module (requires <pkg>dev-libs/grok</pkg>)</flag>
+		<flag name="jemalloc">Use <pkg>dev-libs/jemalloc</pkg> for allocations.</flag>
+		<flag name="kafka">Build the Apache Kafka input/output module (requires <pkg>dev-libs/librdkafka</pkg>)</flag>
+		<flag name="kerberos">Build the GSSAPI input and output module (requires <pkg>virtual/krb5</pkg>)</flag>
+		<flag name="kubernetes">Build the kubernetes modify plugin (requires <pkg>net-misc/curl</pkg>)</flag>
+		<flag name="libressl">Use <pkg>dev-libs/libressl</pkg> instead of <pkg>dev-libs/openssl</pkg> (you still need to enable functionality which requires OpenSSL)</flag>
+		<flag name="mdblookup">Build the MaxMind DB lookup message modify plugin using <pkg>dev-libs/libmaxminddb</pkg></flag>
+		<flag name="mongodb">Build the MongoDB output module (requires <pkg>dev-libs/libmongo-client</pkg>)</flag>
+		<flag name="mysql">Build the MySQL database output module (requires <pkg>virtual/mysql</pkg>)</flag>
+		<flag name="normalize">Build the normalize modify module (requires <pkg>dev-libs/libee</pkg> and <pkg>dev-libs/liblognorm</pkg>)</flag>
+		<flag name="omhttpfs">Build the httpfs output module (requires <pkg>net-misc/curl</pkg>)</flag>
+		<flag name="omudpspoof">Build the udpspoof output module (requires <pkg>net-libs/libnet</pkg>)</flag>
+		<flag name="openssl">Build the OpenSSL network stream driver (requires <pkg>dev-libs/openssl</pkg>)</flag>
+		<flag name="postgres">Build the PostgreSQL database output module (requires <pkg>dev-db/postgresql</pkg>)</flag>
+		<flag name="rabbitmq">Build the RabbitMQ output module (requires <pkg>net-libs/rabbitmq-c</pkg>)</flag>
+		<flag name="redis">Build the Redis output module using (requires <pkg>dev-libs/hiredis</pkg>)</flag>
+		<flag name="relp">Build the Reliable Event Logging Protocol (RELP) output module (requires <pkg>dev-libs/librelp</pkg>)</flag>
+		<flag name="rfc3195">Build the rfc3195 input module (requires <pkg>dev-libs/liblogging</pkg>)</flag>
+		<flag name="rfc5424hmac">Build the rfc5424hmac modify module (requires <pkg>dev-libs/openssl</pkg> or <pkg>dev-libs/libressl</pkg>)</flag>
+		<flag name="snmp">Build the snmp modify and output module (requires <pkg>net-analyzer/net-snmp</pkg>)</flag>
+		<flag name="ssl">Add support for encrypted client/server communication (requires <pkg>net-libs/gnutls</pkg>)</flag>
+		<flag name="systemd">Build the journal input and output module (requires <pkg>sys-apps/systemd</pkg>)</flag>
+		<flag name="uuid">Include UUIDs in messages (requires <pkg>sys-apps/util-linux</pkg>)</flag>
+		<flag name="usertools">Installs the user tools (rsgtutil, rscryutil...) corresponding to the set USE flags</flag>
+		<flag name="xxhash">Enable xxHash support in fmhash module (requires <pkg>dev-libs/xxhash</pkg>)</flag>
+		<flag name="zeromq">Build the ZeroMQ input and output modules (requires <pkg>net-libs/czmq</pkg>)</flag>
+	</use>
+	<upstream>
+		<bugs-to>https://github.com/rsyslog/rsyslog/issues</bugs-to>
+		<remote-id type="cpe">cpe:/a:rsyslog:rsyslog</remote-id>
+	</upstream>
+</pkgmetadata>
diff --git a/app-admin/rsyslog/rsyslog-8.28.0-r1.ebuild b/app-admin/rsyslog/rsyslog-8.28.0-r1.ebuild
new file mode 100644
index 000000000000..7a47099a780b
--- /dev/null
+++ b/app-admin/rsyslog/rsyslog-8.28.0-r1.ebuild
@@ -0,0 +1,451 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+
+inherit autotools eutils linux-info systemd
+
+DESCRIPTION="An enhanced multi-threaded syslogd with database support and more"
+HOMEPAGE="https://www.rsyslog.com/"
+
+BRANCH="8-stable"
+
+if [[ ${PV} == "9999" ]]; then
+	EGIT_REPO_URI="https://github.com/rsyslog/${PN}.git"
+
+	DOC_REPO_URI="https://github.com/rsyslog/${PN}-doc.git"
+
+	inherit git-r3
+else
+	MY_PV=${PV%_rc*}
+	MY_FILENAME="${PN}-${PV}.tar.gz"
+	MY_FILENAME_DOCS="${PN}-docs-${PV}.tar.gz"
+	S="${WORKDIR}/${PN}-${MY_PV}"
+
+	# Upstream URL schema:
+	# RC:      http://www.rsyslog.com/files/download/rsyslog/rc/rsyslog-8.18.0.tar.gz
+	#          http://www.rsyslog.com/files/download/rsyslog/rc2/rsyslog-8.18.0.tar.gz
+	# Release: http://www.rsyslog.com/files/download/rsyslog/rsyslog-8.18.0.tar.gz
+
+	MY_URL_PREFIX=
+	if [[ ${PV} = *_rc* ]]; then
+		_tmp_last_index=$(($(get_last_version_component_index ${PV})+1))
+		_tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${PV})
+		if [[ ${_tmp_suffix} = *rc* ]]; then
+			MY_URL_PREFIX="${_tmp_suffix}/"
+		fi
+
+		# Cleaning up temporary variables
+		unset _tmp_last_index
+		unset _tmp_suffix
+	else
+		KEYWORDS="hppa"
+	fi
+
+	SRC_URI="
+		https://www.rsyslog.com/files/download/${PN}/${MY_URL_PREFIX}${PN}-${MY_PV}.tar.gz -> ${MY_FILENAME}
+		doc? ( https://www.rsyslog.com/files/download/${PN}/${MY_URL_PREFIX}${PN}-doc-${MY_PV}.tar.gz -> ${MY_FILENAME_DOCS} )
+	"
+
+	PATCHES=( "${FILESDIR}"/8-stable/${PN}-8.27.0-fix-mmnormalize-tests.patch )
+fi
+
+LICENSE="GPL-3 LGPL-3 Apache-2.0"
+SLOT="0"
+IUSE="dbi debug doc elasticsearch +gcrypt grok jemalloc kafka kerberos libressl mdblookup mongodb mysql normalize omhttpfs"
+IUSE+=" omudpspoof postgres rabbitmq redis relp rfc3195 rfc5424hmac snmp ssl systemd test usertools +uuid zeromq"
+
+RDEPEND="
+	>=dev-libs/libfastjson-0.99.3:=
+	>=dev-libs/libestr-0.1.9
+	>=dev-libs/liblogging-1.0.1:=[stdlog]
+	>=sys-libs/zlib-1.2.5
+	dbi? ( >=dev-db/libdbi-0.8.3 )
+	elasticsearch? ( >=net-misc/curl-7.35.0 )
+	gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= )
+	grok? ( >=dev-libs/grok-0.9.2 )
+	jemalloc? ( >=dev-libs/jemalloc-3.3.1:= )
+	kafka? ( >=dev-libs/librdkafka-0.9.0.99:= )
+	kerberos? ( virtual/krb5 )
+	mdblookup? ( dev-libs/libmaxminddb:= )
+	mongodb? ( >=dev-libs/libmongo-client-0.1.4 )
+	mysql? ( virtual/libmysqlclient:= )
+	normalize? (
+		>=dev-libs/libee-0.4.0
+		>=dev-libs/liblognorm-2.0.3:=
+	)
+	omhttpfs? ( >=net-misc/curl-7.35.0 )
+	omudpspoof? ( >=net-libs/libnet-1.1.6 )
+	postgres? ( >=dev-db/postgresql-8.4.20:= )
+	rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0:= )
+	redis? ( >=dev-libs/hiredis-0.11.0:= )
+	relp? ( >=dev-libs/librelp-1.2.14:= )
+	rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] )
+	rfc5424hmac? (
+		!libressl? ( >=dev-libs/openssl-0.9.8y:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	snmp? ( >=net-analyzer/net-snmp-5.7.2 )
+	ssl? ( >=net-libs/gnutls-2.12.23:0= )
+	systemd? ( >=sys-apps/systemd-208 )
+	uuid? ( sys-apps/util-linux:0= )
+	zeromq? (
+		>=net-libs/zeromq-4.1.1:=
+		>=net-libs/czmq-3.0.0
+	)"
+DEPEND="${RDEPEND}
+	>=sys-devel/autoconf-archive-2015.02.24
+	virtual/pkgconfig
+	test? ( sys-libs/libfaketime )"
+
+if [[ ${PV} == "9999" ]]; then
+	DEPEND+=" doc? ( >=dev-python/sphinx-1.1.3-r7 )"
+	DEPEND+=" >=sys-devel/flex-2.5.39-r1"
+	DEPEND+=" >=sys-devel/bison-2.4.3"
+	DEPEND+=" >=dev-python/docutils-0.12"
+fi
+
+CONFIG_CHECK="~INOTIFY_USER"
+WARNING_INOTIFY_USER="CONFIG_INOTIFY_USER isn't set. Imfile module on this system will only support polling mode!"
+
+src_unpack() {
+	if [[ ${PV} == "9999" ]]; then
+		git-r3_fetch
+		git-r3_checkout
+	else
+		unpack ${P}.tar.gz
+	fi
+
+	if use doc; then
+		if [[ ${PV} == "9999" ]]; then
+			local _EGIT_BRANCH=
+			if [[ -n "${EGIT_BRANCH}" ]]; then
+				# Cannot use rsyslog commits/branches for documentation repository
+				_EGIT_BRANCH=${EGIT_BRANCH}
+				unset EGIT_BRANCH
+			fi
+
+			git-r3_fetch "${DOC_REPO_URI}"
+			git-r3_checkout "${DOC_REPO_URI}" "${S}"/docs
+
+			if [[ -n "${_EGIT_BRANCH}" ]]; then
+				# Restore previous EGIT_BRANCH information
+				EGIT_BRANCH=${_EGIT_BRANCH}
+			fi
+		else
+			cd "${S}" || die "Cannot change dir into '${S}'"
+			mkdir docs || die "Failed to create docs directory"
+			cd docs || die "Failed to change dir into '${S}/docs'"
+			unpack ${MY_FILENAME_DOCS}
+		fi
+	fi
+}
+
+src_prepare() {
+	default
+
+	eautoreconf
+}
+
+src_configure() {
+	# Maintainer notes:
+	# * Guardtime support is missing because libgt isn't yet available
+	#   in portage.
+	# * Hadoop's HDFS file system output module is currently not
+	#   supported in Gentoo because nobody is able to test it
+	#   (JAVA dependency).
+	# * dev-libs/hiredis doesn't provide pkg-config (see #504614,
+	#   upstream PR 129 and 136) so we need to export HIREDIS_*
+	#   variables because rsyslog's build system depends on pkg-config.
+
+	if use redis; then
+		export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis"
+		export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include"
+	fi
+
+	local myeconfargs=(
+		--disable-debug-symbols
+		--disable-generate-man-pages
+		--without-valgrind-testbench
+		$(use_enable test testbench)
+		# Input Plugins without depedencies
+		--enable-imdiag
+		--enable-imfile
+		--enable-impstats
+		--enable-imptcp
+		# Message Modificiation Plugins without depedencies
+		--enable-mmanon
+		--enable-mmaudit
+		--enable-mmcount
+		--enable-mmfields
+		--enable-mmjsonparse
+		--enable-mmpstrucdata
+		--enable-mmrm1stspace
+		--enable-mmsequence
+		--enable-mmutf8fix
+		# Output Modification Plugins without dependencies
+		--enable-mail
+		--enable-omprog
+		--enable-omruleset
+		--enable-omstdout
+		--enable-omuxsock
+		# Misc
+		--enable-pmaixforwardedfrom
+		--enable-pmciscoios
+		--enable-pmcisconames
+		--enable-pmlastmsg
+		--enable-pmsnare
+		# DB
+		$(use_enable dbi libdbi)
+		$(use_enable mongodb ommongodb)
+		$(use_enable mysql)
+		$(use_enable postgres pgsql)
+		$(use_enable redis omhiredis)
+		# Debug
+		$(use_enable debug)
+		$(use_enable debug diagtools)
+		$(use_enable debug memcheck)
+		$(use_enable debug rtinst)
+		$(use_enable debug valgrind)
+		# Misc
+		$(use_enable elasticsearch)
+		$(use_enable gcrypt libgcrypt)
+		$(use_enable jemalloc)
+		$(use_enable kafka imkafka)
+		$(use_enable kafka omkafka)
+		$(use_enable kerberos gssapi-krb5)
+		$(use_enable normalize mmnormalize)
+		$(use_enable mdblookup mmdblookup)
+		$(use_enable grok mmgrok)
+		$(use_enable omhttpfs)
+		$(use_enable omudpspoof)
+		$(use_enable rabbitmq omrabbitmq)
+		$(use_enable relp)
+		$(use_enable rfc3195)
+		$(use_enable rfc5424hmac mmrfc5424addhmac)
+		$(use_enable snmp)
+		$(use_enable snmp mmsnmptrapd)
+		$(use_enable ssl gnutls)
+		$(use_enable systemd imjournal)
+		$(use_enable systemd omjournal)
+		$(use_enable usertools)
+		$(use_enable uuid)
+		$(use_enable zeromq imczmq)
+		$(use_enable zeromq imzmq3)
+		$(use_enable zeromq omczmq)
+		$(use_enable zeromq omzmq3)
+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	default
+
+	if use doc && [[ "${PV}" == "9999" ]]; then
+		einfo "Building documentation ..."
+		local doc_dir="${S}/docs"
+		cd "${doc_dir}" || die "Cannot chdir into \"${doc_dir}\"!"
+		sphinx-build -b html source build || die "Building documentation failed!"
+	fi
+}
+
+src_test() {
+	local _has_increased_ulimit=
+
+	# Sometimes tests aren't executable (i.e. when added via patch)
+	einfo "Adjusting permissions of test scripts ..."
+	find "${S}"/tests -type f -name '*.sh' \! -perm -111 -exec chmod a+x '{}' \; || \
+		die "Failed to adjust test scripts permission"
+
+	if ulimit -n 3072; then
+		_has_increased_ulimit="true"
+	fi
+
+	if ! emake --jobs 1 check; then
+		eerror "Test suite failed! :("
+
+		if [[ -z "${_has_increased_ulimit}" ]]; then
+			eerror "Probably because open file limit couldn't be set to 3072."
+		fi
+
+		if has userpriv ${FEATURES}; then
+			eerror "Please try to reproduce the test suite failure with FEATURES=-userpriv " \
+				"before you submit a bug report."
+		fi
+
+	fi
+}
+
+src_install() {
+	local DOCS=(
+		AUTHORS
+		ChangeLog
+		"${FILESDIR}"/${BRANCH}/README.gentoo
+	)
+
+	use doc && local HTML_DOCS=( "${S}/docs/build/." )
+
+	default
+
+	newconfd "${FILESDIR}/${BRANCH}/${PN}.confd-r1" ${PN}
+	newinitd "${FILESDIR}/${BRANCH}/${PN}.initd-r1" ${PN}
+
+	keepdir /var/empty/dev
+	keepdir /var/spool/${PN}
+	keepdir /etc/ssl/${PN}
+	keepdir /etc/${PN}.d
+
+	insinto /etc
+	newins "${FILESDIR}/${BRANCH}/${PN}.conf" ${PN}.conf
+
+	insinto /etc/rsyslog.d/
+	doins "${FILESDIR}/${BRANCH}/50-default.conf"
+
+	insinto /etc/logrotate.d/
+	newins "${FILESDIR}/${BRANCH}/${PN}.logrotate" ${PN}
+
+	if use mysql; then
+		insinto /usr/share/doc/${PF}/scripts/mysql
+		doins plugins/ommysql/createDB.sql
+	fi
+
+	if use postgres; then
+		insinto /usr/share/doc/${PF}/scripts/pgsql
+		doins plugins/ompgsql/createDB.sql
+	fi
+
+	prune_libtool_files --modules
+}
+
+pkg_postinst() {
+	local advertise_readme=0
+
+	if [[ -z "${REPLACING_VERSIONS}" ]]; then
+		# This is a new installation
+
+		advertise_readme=1
+
+		if use mysql || use postgres; then
+			echo
+			elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:"
+			elog "  /usr/share/doc/${PF}/scripts"
+		fi
+
+		if use ssl; then
+			echo
+			elog "To create a default CA and certificates for your server and clients, run:"
+			elog "  emerge --config =${PF}"
+			elog "on your logging server. You can run it several times,"
+			elog "once for each logging client. The client certificates will be signed"
+			elog "using the CA certificate generated during the first run."
+		fi
+	fi
+
+	if [[ ${advertise_readme} -gt 0 ]]; then
+		# We need to show the README file location
+
+		echo ""
+		elog "Please read"
+		elog ""
+		elog "  ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*"
+		elog ""
+		elog "for more details."
+	fi
+}
+
+pkg_config() {
+	if ! use ssl ; then
+		einfo "There is nothing to configure for rsyslog unless you"
+		einfo "used USE=ssl to build it."
+		return 0
+	fi
+
+	# Make sure the certificates directory exists
+	local CERTDIR="${EROOT}/etc/ssl/${PN}"
+	if [[ ! -d "${CERTDIR}" ]]; then
+		mkdir "${CERTDIR}" || die
+	fi
+	einfo "Your certificates will be stored in ${CERTDIR}"
+
+	# Create a default CA if needed
+	if [[ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]]; then
+		einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..."
+		certtool --generate-privkey \
+			--outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
+
+		cat > "${T}/${PF}.$$" <<- _EOF
+		cn = Portage automated CA
+		ca
+		cert_signing_key
+		expiration_days = 3650
+		_EOF
+
+		certtool --generate-self-signed \
+			--load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+			--outfile "${CERTDIR}/${PN}_ca.cert.pem" \
+			--template "${T}/${PF}.$$" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
+
+		# Create the server certificate
+		echo
+		einfon "Please type the Common Name of the SERVER you wish to create a certificate for: "
+		read -r CN
+
+		einfo "Creating private key and certificate for server ${CN}..."
+		certtool --generate-privkey \
+			--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
+
+		cat > "${T}/${PF}.$$" <<- _EOF
+		cn = ${CN}
+		tls_www_server
+		dns_name = ${CN}
+		expiration_days = 3650
+		_EOF
+
+		certtool --generate-certificate \
+			--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
+			--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
+			--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
+			--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+			--template "${T}/${PF}.$$" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
+
+	else
+		einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation."
+	fi
+
+	# Create a client certificate
+	echo
+	einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: "
+	read -r CN
+
+	einfo "Creating private key and certificate for client ${CN}..."
+	certtool --generate-privkey \
+		--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
+	chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
+
+	cat > "${T}/${PF}.$$" <<- _EOF
+	cn = ${CN}
+	tls_www_client
+	dns_name = ${CN}
+	expiration_days = 3650
+	_EOF
+
+	certtool --generate-certificate \
+		--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
+		--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
+		--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
+		--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+		--template "${T}/${PF}.$$" &>/dev/null
+	chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
+
+	rm -f "${T}/${PF}.$$"
+
+	echo
+	einfo "Here is the documentation on how to encrypt your log traffic:"
+	einfo " http://www.rsyslog.com/doc/rsyslog_tls.html"
+}
diff --git a/app-admin/rsyslog/rsyslog-8.32.0-r4.ebuild b/app-admin/rsyslog/rsyslog-8.32.0-r4.ebuild
new file mode 100644
index 000000000000..8174b04b23ed
--- /dev/null
+++ b/app-admin/rsyslog/rsyslog-8.32.0-r4.ebuild
@@ -0,0 +1,459 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
+
+inherit autotools eutils linux-info python-any-r1 systemd
+
+DESCRIPTION="An enhanced multi-threaded syslogd with database support and more"
+HOMEPAGE="https://www.rsyslog.com/"
+
+BRANCH="8-stable"
+
+if [[ ${PV} == "9999" ]]; then
+	EGIT_REPO_URI="https://github.com/rsyslog/${PN}.git"
+
+	DOC_REPO_URI="https://github.com/rsyslog/${PN}-doc.git"
+
+	inherit git-r3
+else
+	MY_PV=${PV%_rc*}
+	MY_FILENAME="${PN}-${PV}.tar.gz"
+	MY_FILENAME_DOCS="${PN}-docs-${PV}.tar.gz"
+	S="${WORKDIR}/${PN}-${MY_PV}"
+
+	# Upstream URL schema:
+	# RC:      http://www.rsyslog.com/files/download/rsyslog/rc/rsyslog-8.18.0.tar.gz
+	#          http://www.rsyslog.com/files/download/rsyslog/rc2/rsyslog-8.18.0.tar.gz
+	# Release: http://www.rsyslog.com/files/download/rsyslog/rsyslog-8.18.0.tar.gz
+
+	MY_URL_PREFIX=
+	if [[ ${PV} = *_rc* ]]; then
+		_tmp_last_index=$(($(get_last_version_component_index ${PV})+1))
+		_tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${PV})
+		if [[ ${_tmp_suffix} = *rc* ]]; then
+			MY_URL_PREFIX="${_tmp_suffix}/"
+		fi
+
+		# Cleaning up temporary variables
+		unset _tmp_last_index
+		unset _tmp_suffix
+	else
+		KEYWORDS="amd64 arm ~arm64 ~hppa x86"
+	fi
+
+	SRC_URI="
+		https://www.rsyslog.com/files/download/${PN}/${MY_URL_PREFIX}${PN}-${MY_PV}.tar.gz -> ${MY_FILENAME}
+		doc? ( https://www.rsyslog.com/files/download/${PN}/${MY_URL_PREFIX}${PN}-doc-${MY_PV}.tar.gz -> ${MY_FILENAME_DOCS} )
+	"
+
+	PATCHES=( "${FILESDIR}"/8-stable/${PN}-8.32.0-fix-building-without-curl-r3.patch )
+fi
+
+LICENSE="GPL-3 LGPL-3 Apache-2.0"
+SLOT="0"
+IUSE="curl dbi debug doc elasticsearch +gcrypt grok jemalloc kafka kerberos libressl mdblookup mongodb mysql normalize omhttpfs"
+IUSE+=" omudpspoof postgres rabbitmq redis relp rfc3195 rfc5424hmac snmp ssl systemd test usertools +uuid zeromq"
+
+RDEPEND="
+	>=dev-libs/libfastjson-0.99.8:=
+	>=dev-libs/libestr-0.1.9
+	>=dev-libs/liblogging-1.0.1:=[stdlog]
+	>=sys-libs/zlib-1.2.5
+	curl? ( >=net-misc/curl-7.35.0 )
+	dbi? ( >=dev-db/libdbi-0.8.3 )
+	elasticsearch? ( >=net-misc/curl-7.35.0 )
+	gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= )
+	grok? ( >=dev-libs/grok-0.9.2 )
+	jemalloc? ( >=dev-libs/jemalloc-3.3.1:= )
+	kafka? ( >=dev-libs/librdkafka-0.9.0.99:= )
+	kerberos? ( virtual/krb5 )
+	mdblookup? ( dev-libs/libmaxminddb:= )
+	mongodb? ( >=dev-libs/mongo-c-driver-1.1.10:= )
+	mysql? ( virtual/libmysqlclient:= )
+	normalize? (
+		>=dev-libs/libee-0.4.0
+		>=dev-libs/liblognorm-2.0.3:=
+	)
+	omhttpfs? ( >=net-misc/curl-7.35.0 )
+	omudpspoof? ( >=net-libs/libnet-1.1.6 )
+	postgres? ( >=dev-db/postgresql-8.4.20:= )
+	rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0:= )
+	redis? ( >=dev-libs/hiredis-0.11.0:= )
+	relp? ( >=dev-libs/librelp-1.2.14:= )
+	rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] )
+	rfc5424hmac? (
+		!libressl? ( >=dev-libs/openssl-0.9.8y:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	snmp? ( >=net-analyzer/net-snmp-5.7.2 )
+	ssl? ( >=net-libs/gnutls-2.12.23:0= )
+	systemd? ( >=sys-apps/systemd-234 )
+	uuid? ( sys-apps/util-linux:0= )
+	zeromq? (
+		>=net-libs/czmq-3.0.2
+	)"
+DEPEND="${RDEPEND}
+	>=sys-devel/autoconf-archive-2015.02.24
+	virtual/pkgconfig
+	test? (
+		jemalloc? ( <sys-libs/libfaketime-0.9.7 )
+		!jemalloc? ( sys-libs/libfaketime )
+		${PYTHON_DEPS}
+	)"
+
+if [[ ${PV} == "9999" ]]; then
+	DEPEND+=" doc? ( >=dev-python/sphinx-1.1.3-r7 )"
+	DEPEND+=" >=sys-devel/flex-2.5.39-r1"
+	DEPEND+=" >=sys-devel/bison-2.4.3"
+	DEPEND+=" >=dev-python/docutils-0.12"
+fi
+
+CONFIG_CHECK="~INOTIFY_USER"
+WARNING_INOTIFY_USER="CONFIG_INOTIFY_USER isn't set. Imfile module on this system will only support polling mode!"
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+src_unpack() {
+	if [[ ${PV} == "9999" ]]; then
+		git-r3_fetch
+		git-r3_checkout
+	else
+		unpack ${P}.tar.gz
+	fi
+
+	if use doc; then
+		if [[ ${PV} == "9999" ]]; then
+			local _EGIT_BRANCH=
+			if [[ -n "${EGIT_BRANCH}" ]]; then
+				# Cannot use rsyslog commits/branches for documentation repository
+				_EGIT_BRANCH=${EGIT_BRANCH}
+				unset EGIT_BRANCH
+			fi
+
+			git-r3_fetch "${DOC_REPO_URI}"
+			git-r3_checkout "${DOC_REPO_URI}" "${S}"/docs
+
+			if [[ -n "${_EGIT_BRANCH}" ]]; then
+				# Restore previous EGIT_BRANCH information
+				EGIT_BRANCH=${_EGIT_BRANCH}
+			fi
+		else
+			cd "${S}" || die "Cannot change dir into '${S}'"
+			mkdir docs || die "Failed to create docs directory"
+			cd docs || die "Failed to change dir into '${S}/docs'"
+			unpack ${MY_FILENAME_DOCS}
+		fi
+	fi
+}
+
+src_prepare() {
+	default
+
+	eautoreconf
+}
+
+src_configure() {
+	# Maintainer notes:
+	# * Guardtime support is missing because libgt isn't yet available
+	#   in portage.
+	# * Hadoop's HDFS file system output module is currently not
+	#   supported in Gentoo because nobody is able to test it
+	#   (JAVA dependency).
+	# * dev-libs/hiredis doesn't provide pkg-config (see #504614,
+	#   upstream PR 129 and 136) so we need to export HIREDIS_*
+	#   variables because rsyslog's build system depends on pkg-config.
+
+	if use redis; then
+		export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis"
+		export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include"
+	fi
+
+	local myeconfargs=(
+		--disable-debug-symbols
+		--disable-generate-man-pages
+		--without-valgrind-testbench
+		$(use_enable test testbench)
+		$(use_enable curl libcurl)
+		# Input Plugins without depedencies
+		--enable-imdiag
+		--enable-imfile
+		--enable-impstats
+		--enable-imptcp
+		# Message Modificiation Plugins without depedencies
+		--enable-mmanon
+		--enable-mmaudit
+		--enable-mmcount
+		--enable-mmfields
+		--enable-mmjsonparse
+		--enable-mmpstrucdata
+		--enable-mmrm1stspace
+		--enable-mmsequence
+		--enable-mmutf8fix
+		# Output Modification Plugins without dependencies
+		--enable-mail
+		--enable-omprog
+		--enable-omruleset
+		--enable-omstdout
+		--enable-omuxsock
+		# Misc
+		--enable-pmaixforwardedfrom
+		--enable-pmciscoios
+		--enable-pmcisconames
+		--enable-pmlastmsg
+		--enable-pmsnare
+		# DB
+		$(use_enable dbi libdbi)
+		$(use_enable mongodb ommongodb)
+		$(use_enable mysql)
+		$(use_enable postgres pgsql)
+		$(use_enable redis omhiredis)
+		# Debug
+		$(use_enable debug)
+		$(use_enable debug diagtools)
+		$(use_enable debug memcheck)
+		$(use_enable debug rtinst)
+		$(use_enable debug valgrind)
+		# Misc
+		$(use_enable elasticsearch)
+		$(use_enable gcrypt libgcrypt)
+		$(use_enable jemalloc)
+		$(use_enable kafka imkafka)
+		$(use_enable kafka omkafka)
+		$(use_enable kerberos gssapi-krb5)
+		$(use_enable normalize mmnormalize)
+		$(use_enable mdblookup mmdblookup)
+		$(use_enable grok mmgrok)
+		$(use_enable omhttpfs)
+		$(use_enable omudpspoof)
+		$(use_enable rabbitmq omrabbitmq)
+		$(use_enable relp)
+		$(use_enable rfc3195)
+		$(use_enable rfc5424hmac mmrfc5424addhmac)
+		$(use_enable snmp)
+		$(use_enable snmp mmsnmptrapd)
+		$(use_enable ssl gnutls)
+		$(use_enable systemd imjournal)
+		$(use_enable systemd omjournal)
+		$(use_enable usertools)
+		$(use_enable uuid)
+		$(use_enable zeromq imczmq)
+		$(use_enable zeromq omczmq)
+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	default
+
+	if use doc && [[ "${PV}" == "9999" ]]; then
+		einfo "Building documentation ..."
+		local doc_dir="${S}/docs"
+		cd "${doc_dir}" || die "Cannot chdir into \"${doc_dir}\"!"
+		sphinx-build -b html source build || die "Building documentation failed!"
+	fi
+}
+
+src_test() {
+	local _has_increased_ulimit=
+
+	# Sometimes tests aren't executable (i.e. when added via patch)
+	einfo "Adjusting permissions of test scripts ..."
+	find "${S}"/tests -type f -name '*.sh' \! -perm -111 -exec chmod a+x '{}' \; || \
+		die "Failed to adjust test scripts permission"
+
+	if ulimit -n 3072; then
+		_has_increased_ulimit="true"
+	fi
+
+	if ! emake --jobs 1 check; then
+		eerror "Test suite failed! :("
+
+		if [[ -z "${_has_increased_ulimit}" ]]; then
+			eerror "Probably because open file limit couldn't be set to 3072."
+		fi
+
+		if has userpriv ${FEATURES}; then
+			eerror "Please try to reproduce the test suite failure with FEATURES=-userpriv " \
+				"before you submit a bug report."
+		fi
+
+	fi
+}
+
+src_install() {
+	local DOCS=(
+		AUTHORS
+		ChangeLog
+		"${FILESDIR}"/${BRANCH}/README.gentoo
+	)
+
+	use doc && local HTML_DOCS=( "${S}/docs/build/." )
+
+	default
+
+	newconfd "${FILESDIR}/${BRANCH}/${PN}.confd-r1" ${PN}
+	newinitd "${FILESDIR}/${BRANCH}/${PN}.initd-r1" ${PN}
+
+	keepdir /var/empty/dev
+	keepdir /var/spool/${PN}
+	keepdir /etc/ssl/${PN}
+	keepdir /etc/${PN}.d
+
+	insinto /etc
+	newins "${FILESDIR}/${BRANCH}/${PN}.conf" ${PN}.conf
+
+	insinto /etc/rsyslog.d/
+	newins "${FILESDIR}/${BRANCH}/50-default-r1.conf" 50-default.conf
+
+	insinto /etc/logrotate.d/
+	newins "${FILESDIR}/${BRANCH}/${PN}.logrotate" ${PN}
+
+	if use mysql; then
+		insinto /usr/share/doc/${PF}/scripts/mysql
+		doins plugins/ommysql/createDB.sql
+	fi
+
+	if use postgres; then
+		insinto /usr/share/doc/${PF}/scripts/pgsql
+		doins plugins/ompgsql/createDB.sql
+	fi
+
+	prune_libtool_files --modules
+}
+
+pkg_postinst() {
+	local advertise_readme=0
+
+	if [[ -z "${REPLACING_VERSIONS}" ]]; then
+		# This is a new installation
+
+		advertise_readme=1
+
+		if use mysql || use postgres; then
+			echo
+			elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:"
+			elog "  /usr/share/doc/${PF}/scripts"
+		fi
+
+		if use ssl; then
+			echo
+			elog "To create a default CA and certificates for your server and clients, run:"
+			elog "  emerge --config =${PF}"
+			elog "on your logging server. You can run it several times,"
+			elog "once for each logging client. The client certificates will be signed"
+			elog "using the CA certificate generated during the first run."
+		fi
+	fi
+
+	if [[ ${advertise_readme} -gt 0 ]]; then
+		# We need to show the README file location
+
+		echo ""
+		elog "Please read"
+		elog ""
+		elog "  ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*"
+		elog ""
+		elog "for more details."
+	fi
+}
+
+pkg_config() {
+	if ! use ssl ; then
+		einfo "There is nothing to configure for rsyslog unless you"
+		einfo "used USE=ssl to build it."
+		return 0
+	fi
+
+	# Make sure the certificates directory exists
+	local CERTDIR="${EROOT}/etc/ssl/${PN}"
+	if [[ ! -d "${CERTDIR}" ]]; then
+		mkdir "${CERTDIR}" || die
+	fi
+	einfo "Your certificates will be stored in ${CERTDIR}"
+
+	# Create a default CA if needed
+	if [[ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]]; then
+		einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..."
+		certtool --generate-privkey \
+			--outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
+
+		cat > "${T}/${PF}.$$" <<- _EOF
+		cn = Portage automated CA
+		ca
+		cert_signing_key
+		expiration_days = 3650
+		_EOF
+
+		certtool --generate-self-signed \
+			--load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+			--outfile "${CERTDIR}/${PN}_ca.cert.pem" \
+			--template "${T}/${PF}.$$" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
+
+		# Create the server certificate
+		echo
+		einfon "Please type the Common Name of the SERVER you wish to create a certificate for: "
+		read -r CN
+
+		einfo "Creating private key and certificate for server ${CN}..."
+		certtool --generate-privkey \
+			--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
+
+		cat > "${T}/${PF}.$$" <<- _EOF
+		cn = ${CN}
+		tls_www_server
+		dns_name = ${CN}
+		expiration_days = 3650
+		_EOF
+
+		certtool --generate-certificate \
+			--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
+			--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
+			--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
+			--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+			--template "${T}/${PF}.$$" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
+
+	else
+		einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation."
+	fi
+
+	# Create a client certificate
+	echo
+	einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: "
+	read -r CN
+
+	einfo "Creating private key and certificate for client ${CN}..."
+	certtool --generate-privkey \
+		--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
+	chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
+
+	cat > "${T}/${PF}.$$" <<- _EOF
+	cn = ${CN}
+	tls_www_client
+	dns_name = ${CN}
+	expiration_days = 3650
+	_EOF
+
+	certtool --generate-certificate \
+		--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
+		--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
+		--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
+		--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+		--template "${T}/${PF}.$$" &>/dev/null
+	chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
+
+	rm -f "${T}/${PF}.$$"
+
+	echo
+	einfo "Here is the documentation on how to encrypt your log traffic:"
+	einfo " http://www.rsyslog.com/doc/rsyslog_tls.html"
+}
diff --git a/app-admin/rsyslog/rsyslog-8.33.1-r1.ebuild b/app-admin/rsyslog/rsyslog-8.33.1-r1.ebuild
new file mode 100644
index 000000000000..c9aecb5b0713
--- /dev/null
+++ b/app-admin/rsyslog/rsyslog-8.33.1-r1.ebuild
@@ -0,0 +1,457 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
+
+inherit autotools eutils linux-info python-any-r1 systemd
+
+DESCRIPTION="An enhanced multi-threaded syslogd with database support and more"
+HOMEPAGE="https://www.rsyslog.com/"
+
+BRANCH="8-stable"
+
+if [[ ${PV} == "9999" ]]; then
+	EGIT_REPO_URI="https://github.com/rsyslog/${PN}.git"
+
+	DOC_REPO_URI="https://github.com/rsyslog/${PN}-doc.git"
+
+	inherit git-r3
+else
+	MY_PV=${PV%_rc*}
+	MY_FILENAME="${PN}-${PV}.tar.gz"
+	MY_FILENAME_DOCS="${PN}-docs-${PV}.tar.gz"
+	S="${WORKDIR}/${PN}-${MY_PV}"
+
+	# Upstream URL schema:
+	# RC:      http://www.rsyslog.com/files/download/rsyslog/rc/rsyslog-8.18.0.tar.gz
+	#          http://www.rsyslog.com/files/download/rsyslog/rc2/rsyslog-8.18.0.tar.gz
+	# Release: http://www.rsyslog.com/files/download/rsyslog/rsyslog-8.18.0.tar.gz
+
+	MY_URL_PREFIX=
+	if [[ ${PV} = *_rc* ]]; then
+		_tmp_last_index=$(($(get_last_version_component_index ${PV})+1))
+		_tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${PV})
+		if [[ ${_tmp_suffix} = *rc* ]]; then
+			MY_URL_PREFIX="${_tmp_suffix}/"
+		fi
+
+		# Cleaning up temporary variables
+		unset _tmp_last_index
+		unset _tmp_suffix
+	else
+		KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~x86"
+	fi
+
+	SRC_URI="
+		https://www.rsyslog.com/files/download/${PN}/${MY_URL_PREFIX}${PN}-${MY_PV}.tar.gz -> ${MY_FILENAME}
+		doc? ( https://www.rsyslog.com/files/download/${PN}/${MY_URL_PREFIX}${PN}-doc-${MY_PV}.tar.gz -> ${MY_FILENAME_DOCS} )
+	"
+fi
+
+LICENSE="GPL-3 LGPL-3 Apache-2.0"
+SLOT="0"
+IUSE="curl dbi debug doc elasticsearch +gcrypt grok jemalloc kafka kerberos libressl mdblookup mongodb mysql normalize omhttpfs"
+IUSE+=" omudpspoof postgres rabbitmq redis relp rfc3195 rfc5424hmac snmp ssl systemd test usertools +uuid zeromq"
+
+RDEPEND="
+	>=dev-libs/libfastjson-0.99.8:=
+	>=dev-libs/libestr-0.1.9
+	>=dev-libs/liblogging-1.0.1:=[stdlog]
+	>=sys-libs/zlib-1.2.5
+	curl? ( >=net-misc/curl-7.35.0 )
+	dbi? ( >=dev-db/libdbi-0.8.3 )
+	elasticsearch? ( >=net-misc/curl-7.35.0 )
+	gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= )
+	grok? ( >=dev-libs/grok-0.9.2 )
+	jemalloc? ( >=dev-libs/jemalloc-3.3.1:= )
+	kafka? ( >=dev-libs/librdkafka-0.9.0.99:= )
+	kerberos? ( virtual/krb5 )
+	mdblookup? ( dev-libs/libmaxminddb:= )
+	mongodb? ( >=dev-libs/mongo-c-driver-1.1.10:= )
+	mysql? ( virtual/libmysqlclient:= )
+	normalize? (
+		>=dev-libs/libee-0.4.0
+		>=dev-libs/liblognorm-2.0.3:=
+	)
+	omhttpfs? ( >=net-misc/curl-7.35.0 )
+	omudpspoof? ( >=net-libs/libnet-1.1.6 )
+	postgres? ( >=dev-db/postgresql-8.4.20:= )
+	rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0:= )
+	redis? ( >=dev-libs/hiredis-0.11.0:= )
+	relp? ( >=dev-libs/librelp-1.2.14:= )
+	rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] )
+	rfc5424hmac? (
+		!libressl? ( >=dev-libs/openssl-0.9.8y:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	snmp? ( >=net-analyzer/net-snmp-5.7.2 )
+	ssl? ( >=net-libs/gnutls-2.12.23:0= )
+	systemd? ( >=sys-apps/systemd-234 )
+	uuid? ( sys-apps/util-linux:0= )
+	zeromq? (
+		>=net-libs/czmq-3.0.2
+	)"
+DEPEND="${RDEPEND}
+	>=sys-devel/autoconf-archive-2015.02.24
+	virtual/pkgconfig
+	test? (
+		jemalloc? ( <sys-libs/libfaketime-0.9.7 )
+		!jemalloc? ( sys-libs/libfaketime )
+		${PYTHON_DEPS}
+	)"
+
+if [[ ${PV} == "9999" ]]; then
+	DEPEND+=" doc? ( >=dev-python/sphinx-1.1.3-r7 )"
+	DEPEND+=" >=sys-devel/flex-2.5.39-r1"
+	DEPEND+=" >=sys-devel/bison-2.4.3"
+	DEPEND+=" >=dev-python/docutils-0.12"
+fi
+
+CONFIG_CHECK="~INOTIFY_USER"
+WARNING_INOTIFY_USER="CONFIG_INOTIFY_USER isn't set. Imfile module on this system will only support polling mode!"
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+src_unpack() {
+	if [[ ${PV} == "9999" ]]; then
+		git-r3_fetch
+		git-r3_checkout
+	else
+		unpack ${P}.tar.gz
+	fi
+
+	if use doc; then
+		if [[ ${PV} == "9999" ]]; then
+			local _EGIT_BRANCH=
+			if [[ -n "${EGIT_BRANCH}" ]]; then
+				# Cannot use rsyslog commits/branches for documentation repository
+				_EGIT_BRANCH=${EGIT_BRANCH}
+				unset EGIT_BRANCH
+			fi
+
+			git-r3_fetch "${DOC_REPO_URI}"
+			git-r3_checkout "${DOC_REPO_URI}" "${S}"/docs
+
+			if [[ -n "${_EGIT_BRANCH}" ]]; then
+				# Restore previous EGIT_BRANCH information
+				EGIT_BRANCH=${_EGIT_BRANCH}
+			fi
+		else
+			cd "${S}" || die "Cannot change dir into '${S}'"
+			mkdir docs || die "Failed to create docs directory"
+			cd docs || die "Failed to change dir into '${S}/docs'"
+			unpack ${MY_FILENAME_DOCS}
+		fi
+	fi
+}
+
+src_prepare() {
+	default
+
+	eautoreconf
+}
+
+src_configure() {
+	# Maintainer notes:
+	# * Guardtime support is missing because libgt isn't yet available
+	#   in portage.
+	# * Hadoop's HDFS file system output module is currently not
+	#   supported in Gentoo because nobody is able to test it
+	#   (JAVA dependency).
+	# * dev-libs/hiredis doesn't provide pkg-config (see #504614,
+	#   upstream PR 129 and 136) so we need to export HIREDIS_*
+	#   variables because rsyslog's build system depends on pkg-config.
+
+	if use redis; then
+		export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis"
+		export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include"
+	fi
+
+	local myeconfargs=(
+		--disable-debug-symbols
+		--disable-generate-man-pages
+		--without-valgrind-testbench
+		$(use_enable test testbench)
+		$(use_enable curl libcurl)
+		# Input Plugins without depedencies
+		--enable-imdiag
+		--enable-imfile
+		--enable-impstats
+		--enable-imptcp
+		# Message Modificiation Plugins without depedencies
+		--enable-mmanon
+		--enable-mmaudit
+		--enable-mmcount
+		--enable-mmfields
+		--enable-mmjsonparse
+		--enable-mmpstrucdata
+		--enable-mmrm1stspace
+		--enable-mmsequence
+		--enable-mmutf8fix
+		# Output Modification Plugins without dependencies
+		--enable-mail
+		--enable-omprog
+		--enable-omruleset
+		--enable-omstdout
+		--enable-omuxsock
+		# Misc
+		--enable-pmaixforwardedfrom
+		--enable-pmciscoios
+		--enable-pmcisconames
+		--enable-pmlastmsg
+		--enable-pmsnare
+		# DB
+		$(use_enable dbi libdbi)
+		$(use_enable mongodb ommongodb)
+		$(use_enable mysql)
+		$(use_enable postgres pgsql)
+		$(use_enable redis omhiredis)
+		# Debug
+		$(use_enable debug)
+		$(use_enable debug diagtools)
+		$(use_enable debug memcheck)
+		$(use_enable debug rtinst)
+		$(use_enable debug valgrind)
+		# Misc
+		$(use_enable elasticsearch)
+		$(use_enable gcrypt libgcrypt)
+		$(use_enable jemalloc)
+		$(use_enable kafka imkafka)
+		$(use_enable kafka omkafka)
+		$(use_enable kerberos gssapi-krb5)
+		$(use_enable normalize mmnormalize)
+		$(use_enable mdblookup mmdblookup)
+		$(use_enable grok mmgrok)
+		$(use_enable omhttpfs)
+		$(use_enable omudpspoof)
+		$(use_enable rabbitmq omrabbitmq)
+		$(use_enable relp)
+		$(use_enable rfc3195)
+		$(use_enable rfc5424hmac mmrfc5424addhmac)
+		$(use_enable snmp)
+		$(use_enable snmp mmsnmptrapd)
+		$(use_enable ssl gnutls)
+		$(use_enable systemd imjournal)
+		$(use_enable systemd omjournal)
+		$(use_enable usertools)
+		$(use_enable uuid)
+		$(use_enable zeromq imczmq)
+		$(use_enable zeromq omczmq)
+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	default
+
+	if use doc && [[ "${PV}" == "9999" ]]; then
+		einfo "Building documentation ..."
+		local doc_dir="${S}/docs"
+		cd "${doc_dir}" || die "Cannot chdir into \"${doc_dir}\"!"
+		sphinx-build -b html source build || die "Building documentation failed!"
+	fi
+}
+
+src_test() {
+	local _has_increased_ulimit=
+
+	# Sometimes tests aren't executable (i.e. when added via patch)
+	einfo "Adjusting permissions of test scripts ..."
+	find "${S}"/tests -type f -name '*.sh' \! -perm -111 -exec chmod a+x '{}' \; || \
+		die "Failed to adjust test scripts permission"
+
+	if ulimit -n 3072; then
+		_has_increased_ulimit="true"
+	fi
+
+	if ! emake --jobs 1 check; then
+		eerror "Test suite failed! :("
+
+		if [[ -z "${_has_increased_ulimit}" ]]; then
+			eerror "Probably because open file limit couldn't be set to 3072."
+		fi
+
+		if has userpriv ${FEATURES}; then
+			eerror "Please try to reproduce the test suite failure with FEATURES=-userpriv " \
+				"before you submit a bug report."
+		fi
+
+	fi
+}
+
+src_install() {
+	local DOCS=(
+		AUTHORS
+		ChangeLog
+		"${FILESDIR}"/${BRANCH}/README.gentoo
+	)
+
+	use doc && local HTML_DOCS=( "${S}/docs/build/." )
+
+	default
+
+	newconfd "${FILESDIR}/${BRANCH}/${PN}.confd-r1" ${PN}
+	newinitd "${FILESDIR}/${BRANCH}/${PN}.initd-r1" ${PN}
+
+	keepdir /var/empty/dev
+	keepdir /var/spool/${PN}
+	keepdir /etc/ssl/${PN}
+	keepdir /etc/${PN}.d
+
+	insinto /etc
+	newins "${FILESDIR}/${BRANCH}/${PN}.conf" ${PN}.conf
+
+	insinto /etc/rsyslog.d/
+	newins "${FILESDIR}/${BRANCH}/50-default-r1.conf" 50-default.conf
+
+	insinto /etc/logrotate.d/
+	newins "${FILESDIR}/${BRANCH}/${PN}.logrotate" ${PN}
+
+	if use mysql; then
+		insinto /usr/share/doc/${PF}/scripts/mysql
+		doins plugins/ommysql/createDB.sql
+	fi
+
+	if use postgres; then
+		insinto /usr/share/doc/${PF}/scripts/pgsql
+		doins plugins/ompgsql/createDB.sql
+	fi
+
+	prune_libtool_files --modules
+}
+
+pkg_postinst() {
+	local advertise_readme=0
+
+	if [[ -z "${REPLACING_VERSIONS}" ]]; then
+		# This is a new installation
+
+		advertise_readme=1
+
+		if use mysql || use postgres; then
+			echo
+			elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:"
+			elog "  /usr/share/doc/${PF}/scripts"
+		fi
+
+		if use ssl; then
+			echo
+			elog "To create a default CA and certificates for your server and clients, run:"
+			elog "  emerge --config =${PF}"
+			elog "on your logging server. You can run it several times,"
+			elog "once for each logging client. The client certificates will be signed"
+			elog "using the CA certificate generated during the first run."
+		fi
+	fi
+
+	if [[ ${advertise_readme} -gt 0 ]]; then
+		# We need to show the README file location
+
+		echo ""
+		elog "Please read"
+		elog ""
+		elog "  ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*"
+		elog ""
+		elog "for more details."
+	fi
+}
+
+pkg_config() {
+	if ! use ssl ; then
+		einfo "There is nothing to configure for rsyslog unless you"
+		einfo "used USE=ssl to build it."
+		return 0
+	fi
+
+	# Make sure the certificates directory exists
+	local CERTDIR="${EROOT}/etc/ssl/${PN}"
+	if [[ ! -d "${CERTDIR}" ]]; then
+		mkdir "${CERTDIR}" || die
+	fi
+	einfo "Your certificates will be stored in ${CERTDIR}"
+
+	# Create a default CA if needed
+	if [[ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]]; then
+		einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..."
+		certtool --generate-privkey \
+			--outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
+
+		cat > "${T}/${PF}.$$" <<- _EOF
+		cn = Portage automated CA
+		ca
+		cert_signing_key
+		expiration_days = 3650
+		_EOF
+
+		certtool --generate-self-signed \
+			--load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+			--outfile "${CERTDIR}/${PN}_ca.cert.pem" \
+			--template "${T}/${PF}.$$" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
+
+		# Create the server certificate
+		echo
+		einfon "Please type the Common Name of the SERVER you wish to create a certificate for: "
+		read -r CN
+
+		einfo "Creating private key and certificate for server ${CN}..."
+		certtool --generate-privkey \
+			--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
+
+		cat > "${T}/${PF}.$$" <<- _EOF
+		cn = ${CN}
+		tls_www_server
+		dns_name = ${CN}
+		expiration_days = 3650
+		_EOF
+
+		certtool --generate-certificate \
+			--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
+			--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
+			--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
+			--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+			--template "${T}/${PF}.$$" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
+
+	else
+		einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation."
+	fi
+
+	# Create a client certificate
+	echo
+	einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: "
+	read -r CN
+
+	einfo "Creating private key and certificate for client ${CN}..."
+	certtool --generate-privkey \
+		--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
+	chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
+
+	cat > "${T}/${PF}.$$" <<- _EOF
+	cn = ${CN}
+	tls_www_client
+	dns_name = ${CN}
+	expiration_days = 3650
+	_EOF
+
+	certtool --generate-certificate \
+		--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
+		--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
+		--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
+		--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+		--template "${T}/${PF}.$$" &>/dev/null
+	chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
+
+	rm -f "${T}/${PF}.$$"
+
+	echo
+	einfo "Here is the documentation on how to encrypt your log traffic:"
+	einfo " http://www.rsyslog.com/doc/rsyslog_tls.html"
+}
diff --git a/app-admin/rsyslog/rsyslog-8.34.0.ebuild b/app-admin/rsyslog/rsyslog-8.34.0.ebuild
new file mode 100644
index 000000000000..e13267969512
--- /dev/null
+++ b/app-admin/rsyslog/rsyslog-8.34.0.ebuild
@@ -0,0 +1,464 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
+
+inherit autotools eutils linux-info python-any-r1 systemd
+
+DESCRIPTION="An enhanced multi-threaded syslogd with database support and more"
+HOMEPAGE="https://www.rsyslog.com/"
+
+BRANCH="8-stable"
+
+if [[ ${PV} == "9999" ]]; then
+	EGIT_REPO_URI="https://github.com/rsyslog/${PN}.git"
+
+	DOC_REPO_URI="https://github.com/rsyslog/${PN}-doc.git"
+
+	inherit git-r3
+else
+	MY_PV=${PV%_rc*}
+	MY_FILENAME="${PN}-${PV}.tar.gz"
+	MY_FILENAME_DOCS="${PN}-docs-${PV}.tar.gz"
+	S="${WORKDIR}/${PN}-${MY_PV}"
+
+	# Upstream URL schema:
+	# RC:      https://www.rsyslog.com/files/download/rsyslog/rc/rsyslog-8.18.0.tar.gz
+	#          https://www.rsyslog.com/files/download/rsyslog/rc2/rsyslog-8.18.0.tar.gz
+	# Release: https://www.rsyslog.com/files/download/rsyslog/rsyslog-8.18.0.tar.gz
+
+	MY_URL_PREFIX=
+	if [[ ${PV} = *_rc* ]]; then
+		_tmp_last_index=$(($(get_last_version_component_index ${PV})+1))
+		_tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${PV})
+		if [[ ${_tmp_suffix} = *rc* ]]; then
+			MY_URL_PREFIX="${_tmp_suffix}/"
+		fi
+
+		# Cleaning up temporary variables
+		unset _tmp_last_index
+		unset _tmp_suffix
+	else
+		KEYWORDS="amd64 arm ~arm64 ~hppa x86"
+	fi
+
+	SRC_URI="
+		https://www.rsyslog.com/files/download/${PN}/${MY_URL_PREFIX}${PN}-${MY_PV}.tar.gz -> ${MY_FILENAME}
+		doc? ( https://www.rsyslog.com/files/download/${PN}/${MY_URL_PREFIX}${PN}-doc-${MY_PV}.tar.gz -> ${MY_FILENAME_DOCS} )
+	"
+
+	PATCHES=( "${FILESDIR}"/${BRANCH}/${PN}-8.34.0-fix-issue2612.patch )
+fi
+
+LICENSE="GPL-3 LGPL-3 Apache-2.0"
+SLOT="0"
+IUSE="curl dbi debug doc elasticsearch +gcrypt grok jemalloc kafka kerberos kubernetes libressl mdblookup mongodb mysql"
+IUSE+=" normalize omhttpfs omudpspoof postgres rabbitmq redis relp rfc3195 rfc5424hmac snmp ssl systemd test usertools +uuid zeromq"
+
+RDEPEND="
+	>=dev-libs/libfastjson-0.99.8:=
+	>=dev-libs/libestr-0.1.9
+	>=dev-libs/liblogging-1.0.1:=[stdlog]
+	>=sys-libs/zlib-1.2.5
+	curl? ( >=net-misc/curl-7.35.0 )
+	dbi? ( >=dev-db/libdbi-0.8.3 )
+	elasticsearch? ( >=net-misc/curl-7.35.0 )
+	gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= )
+	grok? ( >=dev-libs/grok-0.9.2 )
+	jemalloc? ( >=dev-libs/jemalloc-3.3.1:= )
+	kafka? ( >=dev-libs/librdkafka-0.9.0.99:= )
+	kerberos? ( virtual/krb5 )
+	kubernetes? ( >=net-misc/curl-7.35.0 )
+	mdblookup? ( dev-libs/libmaxminddb:= )
+	mongodb? ( >=dev-libs/mongo-c-driver-1.1.10:= )
+	mysql? ( virtual/libmysqlclient:= )
+	normalize? (
+		>=dev-libs/libee-0.4.0
+		>=dev-libs/liblognorm-2.0.3:=
+	)
+	omhttpfs? ( >=net-misc/curl-7.35.0 )
+	omudpspoof? ( >=net-libs/libnet-1.1.6 )
+	postgres? ( >=dev-db/postgresql-8.4.20:= )
+	rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0:= )
+	redis? ( >=dev-libs/hiredis-0.11.0:= )
+	relp? ( >=dev-libs/librelp-1.2.14:= )
+	rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] )
+	rfc5424hmac? (
+		!libressl? ( >=dev-libs/openssl-0.9.8y:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	snmp? ( >=net-analyzer/net-snmp-5.7.2 )
+	ssl? ( >=net-libs/gnutls-2.12.23:0= )
+	systemd? ( >=sys-apps/systemd-234 )
+	uuid? ( sys-apps/util-linux:0= )
+	zeromq? (
+		>=net-libs/czmq-3.0.2
+	)"
+DEPEND="${RDEPEND}
+	>=sys-devel/autoconf-archive-2015.02.24
+	virtual/pkgconfig
+	test? (
+		jemalloc? ( <sys-libs/libfaketime-0.9.7 )
+		!jemalloc? ( sys-libs/libfaketime )
+		${PYTHON_DEPS}
+	)"
+
+REQUIRED_USE="kubernetes? ( normalize )"
+
+if [[ ${PV} == "9999" ]]; then
+	DEPEND+=" doc? ( >=dev-python/sphinx-1.1.3-r7 )"
+	DEPEND+=" >=sys-devel/flex-2.5.39-r1"
+	DEPEND+=" >=sys-devel/bison-2.4.3"
+	DEPEND+=" >=dev-python/docutils-0.12"
+fi
+
+CONFIG_CHECK="~INOTIFY_USER"
+WARNING_INOTIFY_USER="CONFIG_INOTIFY_USER isn't set. Imfile module on this system will only support polling mode!"
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+src_unpack() {
+	if [[ ${PV} == "9999" ]]; then
+		git-r3_fetch
+		git-r3_checkout
+	else
+		unpack ${P}.tar.gz
+	fi
+
+	if use doc; then
+		if [[ ${PV} == "9999" ]]; then
+			local _EGIT_BRANCH=
+			if [[ -n "${EGIT_BRANCH}" ]]; then
+				# Cannot use rsyslog commits/branches for documentation repository
+				_EGIT_BRANCH=${EGIT_BRANCH}
+				unset EGIT_BRANCH
+			fi
+
+			git-r3_fetch "${DOC_REPO_URI}"
+			git-r3_checkout "${DOC_REPO_URI}" "${S}"/docs
+
+			if [[ -n "${_EGIT_BRANCH}" ]]; then
+				# Restore previous EGIT_BRANCH information
+				EGIT_BRANCH=${_EGIT_BRANCH}
+			fi
+		else
+			cd "${S}" || die "Cannot change dir into '${S}'"
+			mkdir docs || die "Failed to create docs directory"
+			cd docs || die "Failed to change dir into '${S}/docs'"
+			unpack ${MY_FILENAME_DOCS}
+		fi
+	fi
+}
+
+src_prepare() {
+	default
+
+	eautoreconf
+}
+
+src_configure() {
+	# Maintainer notes:
+	# * Guardtime support is missing because libgt isn't yet available
+	#   in portage.
+	# * Hadoop's HDFS file system output module is currently not
+	#   supported in Gentoo because nobody is able to test it
+	#   (JAVA dependency).
+	# * dev-libs/hiredis doesn't provide pkg-config (see #504614,
+	#   upstream PR 129 and 136) so we need to export HIREDIS_*
+	#   variables because rsyslog's build system depends on pkg-config.
+
+	if use redis; then
+		export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis"
+		export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include"
+	fi
+
+	local myeconfargs=(
+		--disable-debug-symbols
+		--disable-generate-man-pages
+		--without-valgrind-testbench
+		$(use_enable test testbench)
+		$(use_enable curl libcurl)
+		# Input Plugins without depedencies
+		--enable-imdiag
+		--enable-imfile
+		--enable-impstats
+		--enable-imptcp
+		# Message Modificiation Plugins without depedencies
+		--enable-mmanon
+		--enable-mmaudit
+		--enable-mmcount
+		--enable-mmfields
+		--enable-mmjsonparse
+		--enable-mmpstrucdata
+		--enable-mmrm1stspace
+		--enable-mmsequence
+		--enable-mmutf8fix
+		# Output Modification Plugins without dependencies
+		--enable-mail
+		--enable-omprog
+		--enable-omruleset
+		--enable-omstdout
+		--enable-omuxsock
+		# Misc
+		--enable-pmaixforwardedfrom
+		--enable-pmciscoios
+		--enable-pmcisconames
+		--enable-pmlastmsg
+		--enable-pmsnare
+		# DB
+		$(use_enable dbi libdbi)
+		$(use_enable mongodb ommongodb)
+		$(use_enable mysql)
+		$(use_enable postgres pgsql)
+		$(use_enable redis omhiredis)
+		# Debug
+		$(use_enable debug)
+		$(use_enable debug diagtools)
+		$(use_enable debug memcheck)
+		$(use_enable debug rtinst)
+		$(use_enable debug valgrind)
+		# Misc
+		$(use_enable curl fmhttp)
+		$(use_enable elasticsearch)
+		$(use_enable gcrypt libgcrypt)
+		$(use_enable jemalloc)
+		$(use_enable kafka imkafka)
+		$(use_enable kafka omkafka)
+		$(use_enable kerberos gssapi-krb5)
+		$(use_enable kubernetes mmkubernetes)
+		$(use_enable normalize mmnormalize)
+		$(use_enable mdblookup mmdblookup)
+		$(use_enable grok mmgrok)
+		$(use_enable omhttpfs)
+		$(use_enable omudpspoof)
+		$(use_enable rabbitmq omrabbitmq)
+		$(use_enable relp)
+		$(use_enable rfc3195)
+		$(use_enable rfc5424hmac mmrfc5424addhmac)
+		$(use_enable snmp)
+		$(use_enable snmp mmsnmptrapd)
+		$(use_enable ssl gnutls)
+		$(use_enable systemd imjournal)
+		$(use_enable systemd omjournal)
+		$(use_enable usertools)
+		$(use_enable uuid)
+		$(use_enable zeromq imczmq)
+		$(use_enable zeromq omczmq)
+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	default
+
+	if use doc && [[ "${PV}" == "9999" ]]; then
+		einfo "Building documentation ..."
+		local doc_dir="${S}/docs"
+		cd "${doc_dir}" || die "Cannot chdir into \"${doc_dir}\"!"
+		sphinx-build -b html source build || die "Building documentation failed!"
+	fi
+}
+
+src_test() {
+	local _has_increased_ulimit=
+
+	# Sometimes tests aren't executable (i.e. when added via patch)
+	einfo "Adjusting permissions of test scripts ..."
+	find "${S}"/tests -type f -name '*.sh' \! -perm -111 -exec chmod a+x '{}' \; || \
+		die "Failed to adjust test scripts permission"
+
+	if ulimit -n 3072; then
+		_has_increased_ulimit="true"
+	fi
+
+	if ! emake --jobs 1 check; then
+		eerror "Test suite failed! :("
+
+		if [[ -z "${_has_increased_ulimit}" ]]; then
+			eerror "Probably because open file limit couldn't be set to 3072."
+		fi
+
+		if has userpriv ${FEATURES}; then
+			eerror "Please try to reproduce the test suite failure with FEATURES=-userpriv " \
+				"before you submit a bug report."
+		fi
+
+	fi
+}
+
+src_install() {
+	local DOCS=(
+		AUTHORS
+		ChangeLog
+		"${FILESDIR}"/${BRANCH}/README.gentoo
+	)
+
+	use doc && local HTML_DOCS=( "${S}/docs/build/." )
+
+	default
+
+	newconfd "${FILESDIR}/${BRANCH}/${PN}.confd-r1" ${PN}
+	newinitd "${FILESDIR}/${BRANCH}/${PN}.initd-r1" ${PN}
+
+	keepdir /var/empty/dev
+	keepdir /var/spool/${PN}
+	keepdir /etc/ssl/${PN}
+	keepdir /etc/${PN}.d
+
+	insinto /etc
+	newins "${FILESDIR}/${BRANCH}/${PN}.conf" ${PN}.conf
+
+	insinto /etc/rsyslog.d/
+	newins "${FILESDIR}/${BRANCH}/50-default-r1.conf" 50-default.conf
+
+	insinto /etc/logrotate.d/
+	newins "${FILESDIR}/${BRANCH}/${PN}.logrotate" ${PN}
+
+	if use mysql; then
+		insinto /usr/share/doc/${PF}/scripts/mysql
+		doins plugins/ommysql/createDB.sql
+	fi
+
+	if use postgres; then
+		insinto /usr/share/doc/${PF}/scripts/pgsql
+		doins plugins/ompgsql/createDB.sql
+	fi
+
+	prune_libtool_files --modules
+}
+
+pkg_postinst() {
+	local advertise_readme=0
+
+	if [[ -z "${REPLACING_VERSIONS}" ]]; then
+		# This is a new installation
+
+		advertise_readme=1
+
+		if use mysql || use postgres; then
+			echo
+			elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:"
+			elog "  /usr/share/doc/${PF}/scripts"
+		fi
+
+		if use ssl; then
+			echo
+			elog "To create a default CA and certificates for your server and clients, run:"
+			elog "  emerge --config =${PF}"
+			elog "on your logging server. You can run it several times,"
+			elog "once for each logging client. The client certificates will be signed"
+			elog "using the CA certificate generated during the first run."
+		fi
+	fi
+
+	if [[ ${advertise_readme} -gt 0 ]]; then
+		# We need to show the README file location
+
+		echo ""
+		elog "Please read"
+		elog ""
+		elog "  ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*"
+		elog ""
+		elog "for more details."
+	fi
+}
+
+pkg_config() {
+	if ! use ssl ; then
+		einfo "There is nothing to configure for rsyslog unless you"
+		einfo "used USE=ssl to build it."
+		return 0
+	fi
+
+	# Make sure the certificates directory exists
+	local CERTDIR="${EROOT}/etc/ssl/${PN}"
+	if [[ ! -d "${CERTDIR}" ]]; then
+		mkdir "${CERTDIR}" || die
+	fi
+	einfo "Your certificates will be stored in ${CERTDIR}"
+
+	# Create a default CA if needed
+	if [[ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]]; then
+		einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..."
+		certtool --generate-privkey \
+			--outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
+
+		cat > "${T}/${PF}.$$" <<- _EOF
+		cn = Portage automated CA
+		ca
+		cert_signing_key
+		expiration_days = 3650
+		_EOF
+
+		certtool --generate-self-signed \
+			--load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+			--outfile "${CERTDIR}/${PN}_ca.cert.pem" \
+			--template "${T}/${PF}.$$" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
+
+		# Create the server certificate
+		echo
+		einfon "Please type the Common Name of the SERVER you wish to create a certificate for: "
+		read -r CN
+
+		einfo "Creating private key and certificate for server ${CN}..."
+		certtool --generate-privkey \
+			--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
+
+		cat > "${T}/${PF}.$$" <<- _EOF
+		cn = ${CN}
+		tls_www_server
+		dns_name = ${CN}
+		expiration_days = 3650
+		_EOF
+
+		certtool --generate-certificate \
+			--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
+			--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
+			--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
+			--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+			--template "${T}/${PF}.$$" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
+
+	else
+		einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation."
+	fi
+
+	# Create a client certificate
+	echo
+	einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: "
+	read -r CN
+
+	einfo "Creating private key and certificate for client ${CN}..."
+	certtool --generate-privkey \
+		--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
+	chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
+
+	cat > "${T}/${PF}.$$" <<- _EOF
+	cn = ${CN}
+	tls_www_client
+	dns_name = ${CN}
+	expiration_days = 3650
+	_EOF
+
+	certtool --generate-certificate \
+		--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
+		--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
+		--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
+		--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+		--template "${T}/${PF}.$$" &>/dev/null
+	chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
+
+	rm -f "${T}/${PF}.$$"
+
+	echo
+	einfo "Here is the documentation on how to encrypt your log traffic:"
+	einfo " https://www.rsyslog.com/doc/rsyslog_tls.html"
+}
diff --git a/app-admin/rsyslog/rsyslog-8.35.0-r1.ebuild b/app-admin/rsyslog/rsyslog-8.35.0-r1.ebuild
new file mode 100644
index 000000000000..88d35b15d840
--- /dev/null
+++ b/app-admin/rsyslog/rsyslog-8.35.0-r1.ebuild
@@ -0,0 +1,467 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
+
+inherit autotools eutils linux-info python-any-r1 systemd
+
+DESCRIPTION="An enhanced multi-threaded syslogd with database support and more"
+HOMEPAGE="https://www.rsyslog.com/"
+
+BRANCH="8-stable"
+
+if [[ ${PV} == "9999" ]]; then
+	EGIT_REPO_URI="https://github.com/rsyslog/${PN}.git"
+
+	DOC_REPO_URI="https://github.com/rsyslog/${PN}-doc.git"
+
+	inherit git-r3
+else
+	MY_PV=${PV%_rc*}
+	MY_FILENAME="${PN}-${PV}.tar.gz"
+	MY_FILENAME_DOCS="${PN}-docs-${PV}.tar.gz"
+	S="${WORKDIR}/${PN}-${MY_PV}"
+
+	# Upstream URL schema:
+	# RC:      https://www.rsyslog.com/files/download/rsyslog/rc/rsyslog-8.18.0.tar.gz
+	#          https://www.rsyslog.com/files/download/rsyslog/rc2/rsyslog-8.18.0.tar.gz
+	# Release: https://www.rsyslog.com/files/download/rsyslog/rsyslog-8.18.0.tar.gz
+
+	MY_URL_PREFIX=
+	if [[ ${PV} = *_rc* ]]; then
+		_tmp_last_index=$(($(get_last_version_component_index ${PV})+1))
+		_tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${PV})
+		if [[ ${_tmp_suffix} = *rc* ]]; then
+			MY_URL_PREFIX="${_tmp_suffix}/"
+		fi
+
+		# Cleaning up temporary variables
+		unset _tmp_last_index
+		unset _tmp_suffix
+	else
+		KEYWORDS="amd64 ~arm ~arm64 ~hppa x86"
+	fi
+
+	SRC_URI="
+		https://www.rsyslog.com/files/download/${PN}/${MY_URL_PREFIX}${PN}-${MY_PV}.tar.gz -> ${MY_FILENAME}
+		doc? ( https://www.rsyslog.com/files/download/${PN}/${MY_URL_PREFIX}${PN}-doc-${MY_PV}.tar.gz -> ${MY_FILENAME_DOCS} )
+	"
+
+	PATCHES=(
+		"${FILESDIR}"/${BRANCH}/${PN}-8.35.0-fix-issue2719.patch
+		"${FILESDIR}"/${BRANCH}/${PN}-8.35.0-fix-issue2726.patch
+	)
+fi
+
+LICENSE="GPL-3 LGPL-3 Apache-2.0"
+SLOT="0"
+IUSE="curl dbi debug doc elasticsearch +gcrypt grok jemalloc kafka kerberos kubernetes libressl mdblookup mongodb mysql"
+IUSE+=" normalize omhttpfs omudpspoof postgres rabbitmq redis relp rfc3195 rfc5424hmac snmp ssl systemd test usertools +uuid zeromq"
+
+RDEPEND="
+	>=dev-libs/libfastjson-0.99.8:=
+	>=dev-libs/libestr-0.1.9
+	>=dev-libs/liblogging-1.0.1:=[stdlog]
+	>=sys-libs/zlib-1.2.5
+	curl? ( >=net-misc/curl-7.35.0 )
+	dbi? ( >=dev-db/libdbi-0.8.3 )
+	elasticsearch? ( >=net-misc/curl-7.35.0 )
+	gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= )
+	grok? ( >=dev-libs/grok-0.9.2 )
+	jemalloc? ( >=dev-libs/jemalloc-3.3.1:= )
+	kafka? ( >=dev-libs/librdkafka-0.9.0.99:= )
+	kerberos? ( virtual/krb5 )
+	kubernetes? ( >=net-misc/curl-7.35.0 )
+	mdblookup? ( dev-libs/libmaxminddb:= )
+	mongodb? ( >=dev-libs/mongo-c-driver-1.1.10:= )
+	mysql? ( virtual/libmysqlclient:= )
+	normalize? (
+		>=dev-libs/libee-0.4.0
+		>=dev-libs/liblognorm-2.0.3:=
+	)
+	omhttpfs? ( >=net-misc/curl-7.35.0 )
+	omudpspoof? ( >=net-libs/libnet-1.1.6 )
+	postgres? ( >=dev-db/postgresql-8.4.20:= )
+	rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0:= )
+	redis? ( >=dev-libs/hiredis-0.11.0:= )
+	relp? ( >=dev-libs/librelp-1.2.14:= )
+	rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] )
+	rfc5424hmac? (
+		!libressl? ( >=dev-libs/openssl-0.9.8y:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	snmp? ( >=net-analyzer/net-snmp-5.7.2 )
+	ssl? ( >=net-libs/gnutls-2.12.23:0= )
+	systemd? ( >=sys-apps/systemd-234 )
+	uuid? ( sys-apps/util-linux:0= )
+	zeromq? (
+		>=net-libs/czmq-3.0.2
+	)"
+DEPEND="${RDEPEND}
+	>=sys-devel/autoconf-archive-2015.02.24
+	virtual/pkgconfig
+	test? (
+		jemalloc? ( <sys-libs/libfaketime-0.9.7 )
+		!jemalloc? ( sys-libs/libfaketime )
+		${PYTHON_DEPS}
+	)"
+
+REQUIRED_USE="kubernetes? ( normalize )"
+
+if [[ ${PV} == "9999" ]]; then
+	DEPEND+=" doc? ( >=dev-python/sphinx-1.1.3-r7 )"
+	DEPEND+=" >=sys-devel/flex-2.5.39-r1"
+	DEPEND+=" >=sys-devel/bison-2.4.3"
+	DEPEND+=" >=dev-python/docutils-0.12"
+fi
+
+CONFIG_CHECK="~INOTIFY_USER"
+WARNING_INOTIFY_USER="CONFIG_INOTIFY_USER isn't set. Imfile module on this system will only support polling mode!"
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+src_unpack() {
+	if [[ ${PV} == "9999" ]]; then
+		git-r3_fetch
+		git-r3_checkout
+	else
+		unpack ${P}.tar.gz
+	fi
+
+	if use doc; then
+		if [[ ${PV} == "9999" ]]; then
+			local _EGIT_BRANCH=
+			if [[ -n "${EGIT_BRANCH}" ]]; then
+				# Cannot use rsyslog commits/branches for documentation repository
+				_EGIT_BRANCH=${EGIT_BRANCH}
+				unset EGIT_BRANCH
+			fi
+
+			git-r3_fetch "${DOC_REPO_URI}"
+			git-r3_checkout "${DOC_REPO_URI}" "${S}"/docs
+
+			if [[ -n "${_EGIT_BRANCH}" ]]; then
+				# Restore previous EGIT_BRANCH information
+				EGIT_BRANCH=${_EGIT_BRANCH}
+			fi
+		else
+			cd "${S}" || die "Cannot change dir into '${S}'"
+			mkdir docs || die "Failed to create docs directory"
+			cd docs || die "Failed to change dir into '${S}/docs'"
+			unpack ${MY_FILENAME_DOCS}
+		fi
+	fi
+}
+
+src_prepare() {
+	default
+
+	eautoreconf
+}
+
+src_configure() {
+	# Maintainer notes:
+	# * Guardtime support is missing because libgt isn't yet available
+	#   in portage.
+	# * Hadoop's HDFS file system output module is currently not
+	#   supported in Gentoo because nobody is able to test it
+	#   (JAVA dependency).
+	# * dev-libs/hiredis doesn't provide pkg-config (see #504614,
+	#   upstream PR 129 and 136) so we need to export HIREDIS_*
+	#   variables because rsyslog's build system depends on pkg-config.
+
+	if use redis; then
+		export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis"
+		export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include"
+	fi
+
+	local myeconfargs=(
+		--disable-debug-symbols
+		--disable-generate-man-pages
+		--without-valgrind-testbench
+		$(use_enable test testbench)
+		$(use_enable curl libcurl)
+		# Input Plugins without depedencies
+		--enable-imdiag
+		--enable-imfile
+		--enable-impstats
+		--enable-imptcp
+		# Message Modificiation Plugins without depedencies
+		--enable-mmanon
+		--enable-mmaudit
+		--enable-mmcount
+		--enable-mmfields
+		--enable-mmjsonparse
+		--enable-mmpstrucdata
+		--enable-mmrm1stspace
+		--enable-mmsequence
+		--enable-mmutf8fix
+		# Output Modification Plugins without dependencies
+		--enable-mail
+		--enable-omprog
+		--enable-omruleset
+		--enable-omstdout
+		--enable-omuxsock
+		# Misc
+		--enable-pmaixforwardedfrom
+		--enable-pmciscoios
+		--enable-pmcisconames
+		--enable-pmlastmsg
+		--enable-pmsnare
+		# DB
+		$(use_enable dbi libdbi)
+		$(use_enable mongodb ommongodb)
+		$(use_enable mysql)
+		$(use_enable postgres pgsql)
+		$(use_enable redis omhiredis)
+		# Debug
+		$(use_enable debug)
+		$(use_enable debug diagtools)
+		$(use_enable debug memcheck)
+		$(use_enable debug rtinst)
+		$(use_enable debug valgrind)
+		# Misc
+		$(use_enable curl fmhttp)
+		$(use_enable elasticsearch)
+		$(use_enable gcrypt libgcrypt)
+		$(use_enable jemalloc)
+		$(use_enable kafka imkafka)
+		$(use_enable kafka omkafka)
+		$(use_enable kerberos gssapi-krb5)
+		$(use_enable kubernetes mmkubernetes)
+		$(use_enable normalize mmnormalize)
+		$(use_enable mdblookup mmdblookup)
+		$(use_enable grok mmgrok)
+		$(use_enable omhttpfs)
+		$(use_enable omudpspoof)
+		$(use_enable rabbitmq omrabbitmq)
+		$(use_enable relp)
+		$(use_enable rfc3195)
+		$(use_enable rfc5424hmac mmrfc5424addhmac)
+		$(use_enable snmp)
+		$(use_enable snmp mmsnmptrapd)
+		$(use_enable ssl gnutls)
+		$(use_enable systemd imjournal)
+		$(use_enable systemd omjournal)
+		$(use_enable usertools)
+		$(use_enable uuid)
+		$(use_enable zeromq imczmq)
+		$(use_enable zeromq omczmq)
+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	default
+
+	if use doc && [[ "${PV}" == "9999" ]]; then
+		einfo "Building documentation ..."
+		local doc_dir="${S}/docs"
+		cd "${doc_dir}" || die "Cannot chdir into \"${doc_dir}\"!"
+		sphinx-build -b html source build || die "Building documentation failed!"
+	fi
+}
+
+src_test() {
+	local _has_increased_ulimit=
+
+	# Sometimes tests aren't executable (i.e. when added via patch)
+	einfo "Adjusting permissions of test scripts ..."
+	find "${S}"/tests -type f -name '*.sh' \! -perm -111 -exec chmod a+x '{}' \; || \
+		die "Failed to adjust test scripts permission"
+
+	if ulimit -n 3072; then
+		_has_increased_ulimit="true"
+	fi
+
+	if ! emake --jobs 1 check; then
+		eerror "Test suite failed! :("
+
+		if [[ -z "${_has_increased_ulimit}" ]]; then
+			eerror "Probably because open file limit couldn't be set to 3072."
+		fi
+
+		if has userpriv ${FEATURES}; then
+			eerror "Please try to reproduce the test suite failure with FEATURES=-userpriv " \
+				"before you submit a bug report."
+		fi
+
+	fi
+}
+
+src_install() {
+	local DOCS=(
+		AUTHORS
+		ChangeLog
+		"${FILESDIR}"/${BRANCH}/README.gentoo
+	)
+
+	use doc && local HTML_DOCS=( "${S}/docs/build/." )
+
+	default
+
+	newconfd "${FILESDIR}/${BRANCH}/${PN}.confd-r1" ${PN}
+	newinitd "${FILESDIR}/${BRANCH}/${PN}.initd-r1" ${PN}
+
+	keepdir /var/empty/dev
+	keepdir /var/spool/${PN}
+	keepdir /etc/ssl/${PN}
+	keepdir /etc/${PN}.d
+
+	insinto /etc
+	newins "${FILESDIR}/${BRANCH}/${PN}.conf" ${PN}.conf
+
+	insinto /etc/rsyslog.d/
+	newins "${FILESDIR}/${BRANCH}/50-default-r1.conf" 50-default.conf
+
+	insinto /etc/logrotate.d/
+	newins "${FILESDIR}/${BRANCH}/${PN}-r1.logrotate" ${PN}
+
+	if use mysql; then
+		insinto /usr/share/doc/${PF}/scripts/mysql
+		doins plugins/ommysql/createDB.sql
+	fi
+
+	if use postgres; then
+		insinto /usr/share/doc/${PF}/scripts/pgsql
+		doins plugins/ompgsql/createDB.sql
+	fi
+
+	prune_libtool_files --modules
+}
+
+pkg_postinst() {
+	local advertise_readme=0
+
+	if [[ -z "${REPLACING_VERSIONS}" ]]; then
+		# This is a new installation
+
+		advertise_readme=1
+
+		if use mysql || use postgres; then
+			echo
+			elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:"
+			elog "  /usr/share/doc/${PF}/scripts"
+		fi
+
+		if use ssl; then
+			echo
+			elog "To create a default CA and certificates for your server and clients, run:"
+			elog "  emerge --config =${PF}"
+			elog "on your logging server. You can run it several times,"
+			elog "once for each logging client. The client certificates will be signed"
+			elog "using the CA certificate generated during the first run."
+		fi
+	fi
+
+	if [[ ${advertise_readme} -gt 0 ]]; then
+		# We need to show the README file location
+
+		echo ""
+		elog "Please read"
+		elog ""
+		elog "  ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*"
+		elog ""
+		elog "for more details."
+	fi
+}
+
+pkg_config() {
+	if ! use ssl ; then
+		einfo "There is nothing to configure for rsyslog unless you"
+		einfo "used USE=ssl to build it."
+		return 0
+	fi
+
+	# Make sure the certificates directory exists
+	local CERTDIR="${EROOT}/etc/ssl/${PN}"
+	if [[ ! -d "${CERTDIR}" ]]; then
+		mkdir "${CERTDIR}" || die
+	fi
+	einfo "Your certificates will be stored in ${CERTDIR}"
+
+	# Create a default CA if needed
+	if [[ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]]; then
+		einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..."
+		certtool --generate-privkey \
+			--outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
+
+		cat > "${T}/${PF}.$$" <<- _EOF
+		cn = Portage automated CA
+		ca
+		cert_signing_key
+		expiration_days = 3650
+		_EOF
+
+		certtool --generate-self-signed \
+			--load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+			--outfile "${CERTDIR}/${PN}_ca.cert.pem" \
+			--template "${T}/${PF}.$$" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
+
+		# Create the server certificate
+		echo
+		einfon "Please type the Common Name of the SERVER you wish to create a certificate for: "
+		read -r CN
+
+		einfo "Creating private key and certificate for server ${CN}..."
+		certtool --generate-privkey \
+			--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
+
+		cat > "${T}/${PF}.$$" <<- _EOF
+		cn = ${CN}
+		tls_www_server
+		dns_name = ${CN}
+		expiration_days = 3650
+		_EOF
+
+		certtool --generate-certificate \
+			--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
+			--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
+			--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
+			--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+			--template "${T}/${PF}.$$" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
+
+	else
+		einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation."
+	fi
+
+	# Create a client certificate
+	echo
+	einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: "
+	read -r CN
+
+	einfo "Creating private key and certificate for client ${CN}..."
+	certtool --generate-privkey \
+		--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
+	chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
+
+	cat > "${T}/${PF}.$$" <<- _EOF
+	cn = ${CN}
+	tls_www_client
+	dns_name = ${CN}
+	expiration_days = 3650
+	_EOF
+
+	certtool --generate-certificate \
+		--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
+		--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
+		--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
+		--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+		--template "${T}/${PF}.$$" &>/dev/null
+	chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
+
+	rm -f "${T}/${PF}.$$"
+
+	echo
+	einfo "Here is the documentation on how to encrypt your log traffic:"
+	einfo " https://www.rsyslog.com/doc/rsyslog_tls.html"
+}
diff --git a/app-admin/rsyslog/rsyslog-8.36.0-r1.ebuild b/app-admin/rsyslog/rsyslog-8.36.0-r1.ebuild
new file mode 100644
index 000000000000..27d2078ef8fd
--- /dev/null
+++ b/app-admin/rsyslog/rsyslog-8.36.0-r1.ebuild
@@ -0,0 +1,476 @@
+# Copyright 1999-2018 Gentoo Foundation
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI="6"
+PYTHON_COMPAT=( python{2_7,3_4,3_5,3_6} )
+
+inherit autotools eutils linux-info python-any-r1 systemd
+
+DESCRIPTION="An enhanced multi-threaded syslogd with database support and more"
+HOMEPAGE="https://www.rsyslog.com/"
+
+BRANCH="8-stable"
+
+if [[ ${PV} == "9999" ]]; then
+	EGIT_REPO_URI="https://github.com/rsyslog/${PN}.git"
+
+	DOC_REPO_URI="https://github.com/rsyslog/${PN}-doc.git"
+
+	inherit git-r3
+else
+	MY_PV=${PV%_rc*}
+	MY_FILENAME="${PN}-${PV}.tar.gz"
+	MY_FILENAME_DOCS="${PN}-docs-${PV}.tar.gz"
+	S="${WORKDIR}/${PN}-${MY_PV}"
+
+	# Upstream URL schema:
+	# RC:      https://www.rsyslog.com/files/download/rsyslog/rc/rsyslog-8.18.0.tar.gz
+	#          https://www.rsyslog.com/files/download/rsyslog/rc2/rsyslog-8.18.0.tar.gz
+	# Release: https://www.rsyslog.com/files/download/rsyslog/rsyslog-8.18.0.tar.gz
+
+	MY_URL_PREFIX=
+	if [[ ${PV} = *_rc* ]]; then
+		_tmp_last_index=$(($(get_last_version_component_index ${PV})+1))
+		_tmp_suffix=$(get_version_component_range ${_tmp_last_index} ${PV})
+		if [[ ${_tmp_suffix} = *rc* ]]; then
+			MY_URL_PREFIX="${_tmp_suffix}/"
+		fi
+
+		# Cleaning up temporary variables
+		unset _tmp_last_index
+		unset _tmp_suffix
+	else
+		KEYWORDS="~amd64 ~arm ~arm64 ~hppa ~x86"
+	fi
+
+	SRC_URI="
+		https://www.rsyslog.com/files/download/${PN}/${MY_URL_PREFIX}${PN}-${MY_PV}.tar.gz -> ${MY_FILENAME}
+		doc? ( https://www.rsyslog.com/files/download/${PN}/${MY_URL_PREFIX}${PN}-doc-${MY_PV}.tar.gz -> ${MY_FILENAME_DOCS} )
+	"
+
+	PATCHES=()
+fi
+
+LICENSE="GPL-3 LGPL-3 Apache-2.0"
+SLOT="0"
+IUSE="curl dbi debug doc elasticsearch +gcrypt grok gnutls jemalloc kafka kerberos kubernetes libressl mdblookup"
+IUSE+=" mongodb mysql normalize omhttpfs omudpspoof openssl postgres rabbitmq redis relp rfc3195 rfc5424hmac"
+IUSE+=" snmp ssl systemd test usertools +uuid xxhash zeromq"
+
+RDEPEND="
+	>=dev-libs/libfastjson-0.99.8:=
+	>=dev-libs/libestr-0.1.9
+	>=sys-libs/zlib-1.2.5
+	curl? ( >=net-misc/curl-7.35.0 )
+	dbi? ( >=dev-db/libdbi-0.8.3 )
+	elasticsearch? ( >=net-misc/curl-7.35.0 )
+	gcrypt? ( >=dev-libs/libgcrypt-1.5.3:= )
+	grok? ( >=dev-libs/grok-0.9.2 )
+	jemalloc? ( >=dev-libs/jemalloc-3.3.1:= )
+	kafka? ( >=dev-libs/librdkafka-0.9.0.99:= )
+	kerberos? ( virtual/krb5 )
+	kubernetes? ( >=net-misc/curl-7.35.0 )
+	mdblookup? ( dev-libs/libmaxminddb:= )
+	mongodb? ( >=dev-libs/mongo-c-driver-1.1.10:= )
+	mysql? ( virtual/libmysqlclient:= )
+	normalize? (
+		>=dev-libs/libee-0.4.0
+		>=dev-libs/liblognorm-2.0.3:=
+	)
+	omhttpfs? ( >=net-misc/curl-7.35.0 )
+	omudpspoof? ( >=net-libs/libnet-1.1.6 )
+	postgres? ( >=dev-db/postgresql-8.4.20:= )
+	rabbitmq? ( >=net-libs/rabbitmq-c-0.3.0:= )
+	redis? ( >=dev-libs/hiredis-0.11.0:= )
+	relp? ( >=dev-libs/librelp-1.2.14:= )
+	rfc3195? ( >=dev-libs/liblogging-1.0.1:=[rfc3195] )
+	rfc5424hmac? (
+		!libressl? ( >=dev-libs/openssl-0.9.8y:0= )
+		libressl? ( dev-libs/libressl:= )
+	)
+	snmp? ( >=net-analyzer/net-snmp-5.7.2 )
+	ssl? (
+		gnutls? ( >=net-libs/gnutls-2.12.23:0= )
+		openssl? (
+			!libressl? ( dev-libs/openssl:0= )
+			libressl? ( dev-libs/libressl:0= )
+		)
+	)
+	systemd? ( >=sys-apps/systemd-234 )
+	uuid? ( sys-apps/util-linux:0= )
+	xxhash? ( dev-libs/xxhash:= )
+	zeromq? (
+		>=net-libs/czmq-3.0.2
+	)"
+DEPEND="${RDEPEND}
+	>=sys-devel/autoconf-archive-2015.02.24
+	virtual/pkgconfig
+	test? (
+		jemalloc? ( <sys-libs/libfaketime-0.9.7 )
+		!jemalloc? ( sys-libs/libfaketime )
+		${PYTHON_DEPS}
+	)"
+
+REQUIRED_USE="
+	kubernetes? ( normalize )
+	ssl? ( || ( gnutls openssl ) )
+"
+
+if [[ ${PV} == "9999" ]]; then
+	DEPEND+=" doc? ( >=dev-python/sphinx-1.1.3-r7 )"
+	DEPEND+=" >=sys-devel/flex-2.5.39-r1"
+	DEPEND+=" >=sys-devel/bison-2.4.3"
+	DEPEND+=" >=dev-python/docutils-0.12"
+fi
+
+CONFIG_CHECK="~INOTIFY_USER"
+WARNING_INOTIFY_USER="CONFIG_INOTIFY_USER isn't set. Imfile module on this system will only support polling mode!"
+
+pkg_setup() {
+	use test && python-any-r1_pkg_setup
+}
+
+src_unpack() {
+	if [[ ${PV} == "9999" ]]; then
+		git-r3_fetch
+		git-r3_checkout
+	else
+		unpack ${P}.tar.gz
+	fi
+
+	if use doc; then
+		if [[ ${PV} == "9999" ]]; then
+			local _EGIT_BRANCH=
+			if [[ -n "${EGIT_BRANCH}" ]]; then
+				# Cannot use rsyslog commits/branches for documentation repository
+				_EGIT_BRANCH=${EGIT_BRANCH}
+				unset EGIT_BRANCH
+			fi
+
+			git-r3_fetch "${DOC_REPO_URI}"
+			git-r3_checkout "${DOC_REPO_URI}" "${S}"/docs
+
+			if [[ -n "${_EGIT_BRANCH}" ]]; then
+				# Restore previous EGIT_BRANCH information
+				EGIT_BRANCH=${_EGIT_BRANCH}
+			fi
+		else
+			cd "${S}" || die "Cannot change dir into '${S}'"
+			mkdir docs || die "Failed to create docs directory"
+			cd docs || die "Failed to change dir into '${S}/docs'"
+			unpack ${MY_FILENAME_DOCS}
+		fi
+	fi
+}
+
+src_prepare() {
+	default
+
+	eautoreconf
+}
+
+src_configure() {
+	# Maintainer notes:
+	# * Guardtime support is missing because libgt isn't yet available
+	#   in portage.
+	# * Hadoop's HDFS file system output module is currently not
+	#   supported in Gentoo because nobody is able to test it
+	#   (JAVA dependency).
+	# * dev-libs/hiredis doesn't provide pkg-config (see #504614,
+	#   upstream PR 129 and 136) so we need to export HIREDIS_*
+	#   variables because rsyslog's build system depends on pkg-config.
+
+	if use redis; then
+		export HIREDIS_LIBS="-L${EPREFIX}/usr/$(get_libdir) -lhiredis"
+		export HIREDIS_CFLAGS="-I${EPREFIX}/usr/include"
+	fi
+
+	local myeconfargs=(
+		--disable-debug-symbols
+		--disable-generate-man-pages
+		--without-valgrind-testbench
+		--disable-liblogging-stdlog
+		$(use_enable test testbench)
+		# Input Plugins without depedencies
+		--enable-imdiag
+		--enable-imfile
+		--enable-impstats
+		--enable-imptcp
+		# Message Modificiation Plugins without depedencies
+		--enable-mmanon
+		--enable-mmaudit
+		--enable-mmcount
+		--enable-mmfields
+		--enable-mmjsonparse
+		--enable-mmpstrucdata
+		--enable-mmrm1stspace
+		--enable-mmsequence
+		--enable-mmutf8fix
+		# Output Modification Plugins without dependencies
+		--enable-mail
+		--enable-omprog
+		--enable-omruleset
+		--enable-omstdout
+		--enable-omuxsock
+		# Misc
+		--enable-fmhash
+		$(use_enable xxhash fmhash-xxhash)
+		--enable-pmaixforwardedfrom
+		--enable-pmciscoios
+		--enable-pmcisconames
+		--enable-pmlastmsg
+		--enable-pmsnare
+		# DB
+		$(use_enable dbi libdbi)
+		$(use_enable mongodb ommongodb)
+		$(use_enable mysql)
+		$(use_enable postgres pgsql)
+		$(use_enable redis omhiredis)
+		# Debug
+		$(use_enable debug)
+		$(use_enable debug diagtools)
+		$(use_enable debug memcheck)
+		$(use_enable debug valgrind)
+		# Misc
+		$(use_enable curl fmhttp)
+		$(use_enable elasticsearch)
+		$(use_enable gcrypt libgcrypt)
+		$(use_enable jemalloc)
+		$(use_enable kafka imkafka)
+		$(use_enable kafka omkafka)
+		$(use_enable kerberos gssapi-krb5)
+		$(use_enable kubernetes mmkubernetes)
+		$(use_enable normalize mmnormalize)
+		$(use_enable mdblookup mmdblookup)
+		$(use_enable grok mmgrok)
+		$(use_enable omhttpfs)
+		$(use_enable omudpspoof)
+		$(use_enable rabbitmq omrabbitmq)
+		$(use_enable relp)
+		$(use_enable rfc3195)
+		$(use_enable rfc5424hmac mmrfc5424addhmac)
+		$(use_enable snmp)
+		$(use_enable snmp mmsnmptrapd)
+		$(use_enable gnutls)
+		$(use_enable openssl)
+		$(use_enable systemd imjournal)
+		$(use_enable systemd omjournal)
+		$(use_enable usertools)
+		$(use_enable uuid)
+		$(use_enable zeromq imczmq)
+		$(use_enable zeromq omczmq)
+		--with-systemdsystemunitdir="$(systemd_get_systemunitdir)"
+	)
+
+	econf "${myeconfargs[@]}"
+}
+
+src_compile() {
+	default
+
+	if use doc && [[ "${PV}" == "9999" ]]; then
+		einfo "Building documentation ..."
+		local doc_dir="${S}/docs"
+		cd "${doc_dir}" || die "Cannot chdir into \"${doc_dir}\"!"
+		sphinx-build -b html source build || die "Building documentation failed!"
+	fi
+}
+
+src_test() {
+	local _has_increased_ulimit=
+
+	# Sometimes tests aren't executable (i.e. when added via patch)
+	einfo "Adjusting permissions of test scripts ..."
+	find "${S}"/tests -type f -name '*.sh' \! -perm -111 -exec chmod a+x '{}' \; || \
+		die "Failed to adjust test scripts permission"
+
+	if ulimit -n 3072; then
+		_has_increased_ulimit="true"
+	fi
+
+	if ! emake --jobs 1 check; then
+		eerror "Test suite failed! :("
+
+		if [[ -z "${_has_increased_ulimit}" ]]; then
+			eerror "Probably because open file limit couldn't be set to 3072."
+		fi
+
+		if has userpriv ${FEATURES}; then
+			eerror "Please try to reproduce the test suite failure with FEATURES=-userpriv " \
+				"before you submit a bug report."
+		fi
+
+	fi
+}
+
+src_install() {
+	local DOCS=(
+		AUTHORS
+		ChangeLog
+		"${FILESDIR}"/${BRANCH}/README.gentoo
+	)
+
+	use doc && local HTML_DOCS=( "${S}/docs/build/." )
+
+	default
+
+	newconfd "${FILESDIR}/${BRANCH}/${PN}.confd-r1" ${PN}
+	newinitd "${FILESDIR}/${BRANCH}/${PN}.initd-r1" ${PN}
+
+	keepdir /var/empty/dev
+	keepdir /var/spool/${PN}
+	keepdir /etc/ssl/${PN}
+	keepdir /etc/${PN}.d
+
+	insinto /etc
+	newins "${FILESDIR}/${BRANCH}/${PN}.conf" ${PN}.conf
+
+	insinto /etc/rsyslog.d/
+	newins "${FILESDIR}/${BRANCH}/50-default-r1.conf" 50-default.conf
+
+	insinto /etc/logrotate.d/
+	newins "${FILESDIR}/${BRANCH}/${PN}-r1.logrotate" ${PN}
+
+	if use mysql; then
+		insinto /usr/share/doc/${PF}/scripts/mysql
+		doins plugins/ommysql/createDB.sql
+	fi
+
+	if use postgres; then
+		insinto /usr/share/doc/${PF}/scripts/pgsql
+		doins plugins/ompgsql/createDB.sql
+	fi
+
+	prune_libtool_files --modules
+}
+
+pkg_postinst() {
+	local advertise_readme=0
+
+	if [[ -z "${REPLACING_VERSIONS}" ]]; then
+		# This is a new installation
+
+		advertise_readme=1
+
+		if use mysql || use postgres; then
+			echo
+			elog "Sample SQL scripts for MySQL & PostgreSQL have been installed to:"
+			elog "  /usr/share/doc/${PF}/scripts"
+		fi
+
+		if use ssl; then
+			echo
+			elog "To create a default CA and certificates for your server and clients, run:"
+			elog "  emerge --config =${PF}"
+			elog "on your logging server. You can run it several times,"
+			elog "once for each logging client. The client certificates will be signed"
+			elog "using the CA certificate generated during the first run."
+		fi
+	fi
+
+	if [[ ${advertise_readme} -gt 0 ]]; then
+		# We need to show the README file location
+
+		echo ""
+		elog "Please read"
+		elog ""
+		elog "  ${EPREFIX}/usr/share/doc/${PF}/README.gentoo*"
+		elog ""
+		elog "for more details."
+	fi
+}
+
+pkg_config() {
+	if ! use ssl ; then
+		einfo "There is nothing to configure for rsyslog unless you"
+		einfo "used USE=ssl to build it."
+		return 0
+	fi
+
+	# Make sure the certificates directory exists
+	local CERTDIR="${EROOT}/etc/ssl/${PN}"
+	if [[ ! -d "${CERTDIR}" ]]; then
+		mkdir "${CERTDIR}" || die
+	fi
+	einfo "Your certificates will be stored in ${CERTDIR}"
+
+	# Create a default CA if needed
+	if [[ ! -f "${CERTDIR}/${PN}_ca.cert.pem" ]]; then
+		einfo "No CA key and certificate found in ${CERTDIR}, creating them for you..."
+		certtool --generate-privkey \
+			--outfile "${CERTDIR}/${PN}_ca.privkey.pem" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
+
+		cat > "${T}/${PF}.$$" <<- _EOF
+		cn = Portage automated CA
+		ca
+		cert_signing_key
+		expiration_days = 3650
+		_EOF
+
+		certtool --generate-self-signed \
+			--load-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+			--outfile "${CERTDIR}/${PN}_ca.cert.pem" \
+			--template "${T}/${PF}.$$" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_ca.privkey.pem"
+
+		# Create the server certificate
+		echo
+		einfon "Please type the Common Name of the SERVER you wish to create a certificate for: "
+		read -r CN
+
+		einfo "Creating private key and certificate for server ${CN}..."
+		certtool --generate-privkey \
+			--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
+
+		cat > "${T}/${PF}.$$" <<- _EOF
+		cn = ${CN}
+		tls_www_server
+		dns_name = ${CN}
+		expiration_days = 3650
+		_EOF
+
+		certtool --generate-certificate \
+			--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
+			--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
+			--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
+			--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+			--template "${T}/${PF}.$$" &>/dev/null
+		chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
+
+	else
+		einfo "Found existing ${CERTDIR}/${PN}_ca.cert.pem, skipping CA and SERVER creation."
+	fi
+
+	# Create a client certificate
+	echo
+	einfon "Please type the Common Name of the CLIENT you wish to create a certificate for: "
+	read -r CN
+
+	einfo "Creating private key and certificate for client ${CN}..."
+	certtool --generate-privkey \
+		--outfile "${CERTDIR}/${PN}_${CN}.key.pem" &>/dev/null
+	chmod 400 "${CERTDIR}/${PN}_${CN}.key.pem"
+
+	cat > "${T}/${PF}.$$" <<- _EOF
+	cn = ${CN}
+	tls_www_client
+	dns_name = ${CN}
+	expiration_days = 3650
+	_EOF
+
+	certtool --generate-certificate \
+		--outfile "${CERTDIR}/${PN}_${CN}.cert.pem" \
+		--load-privkey "${CERTDIR}/${PN}_${CN}.key.pem" \
+		--load-ca-certificate "${CERTDIR}/${PN}_ca.cert.pem" \
+		--load-ca-privkey "${CERTDIR}/${PN}_ca.privkey.pem" \
+		--template "${T}/${PF}.$$" &>/dev/null
+	chmod 400 "${CERTDIR}/${PN}_${CN}.cert.pem"
+
+	rm -f "${T}/${PF}.$$"
+
+	echo
+	einfo "Here is the documentation on how to encrypt your log traffic:"
+	einfo " https://www.rsyslog.com/doc/rsyslog_tls.html"
+}